CVE-2021-33516 - log back

CVE-2021-33516 edited at 24 May 2021 17:08:52
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An issue was discovered in GUPnP before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tampering, etc.
References
+ https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
+ https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
+ https://gitlab.gnome.org/GNOME/gupnp/-/merge_requests/13
+ https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac
Notes
CVE-2021-33516 created at 24 May 2021 17:06:28