CVE-2021-33516

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-33516

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33516.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-33516

Related

Published

2021-05-24T15:15:07Z

Modified

2024-09-18T03:14:48.360687Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

References

Affected packages

Debian:11 / gupnp

Package

Name: gupnp
Purl: pkg:deb/debian/gupnp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.4-1

1.2.7-1

1.4.0-1

1.4.0-2

1.4.1-1

1.4.3-1

1.6.0-1

1.6.0-2

1.6.0-3

1.6.2-1

1.6.3-1

1.6.4-1

1.6.5-1

1.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gupnp

Package

Name: gupnp
Purl: pkg:deb/debian/gupnp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gupnp

Package

Name: gupnp
Purl: pkg:deb/debian/gupnp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/gupnp

Affected ranges

Type: GIT
Repo: https://github.com/gnome/gupnp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ab250af4c92c0b495af360f8a903719c49446cde

Affected versions

0.*

0.20.11

gupnp-0.*

gupnp-0.10

gupnp-0.12

gupnp-0.12.1

gupnp-0.12.2

gupnp-0.12.3

gupnp-0.12.4

gupnp-0.12.5

gupnp-0.12.6

gupnp-0.12.7

gupnp-0.12.8

gupnp-0.13

gupnp-0.13.1

gupnp-0.13.2

gupnp-0.13.3

gupnp-0.13.4

gupnp-0.13.5

gupnp-0.14.0

gupnp-0.15.0

gupnp-0.15.1

gupnp-0.16.0

gupnp-0.16.1

gupnp-0.17.0

gupnp-0.17.1

gupnp-0.17.2

gupnp-0.18.0

gupnp-0.19.0

gupnp-0.19.1

gupnp-0.19.2

gupnp-0.19.3

gupnp-0.19.4

gupnp-0.20.0

gupnp-0.20.1

gupnp-0.20.10

gupnp-0.20.11

gupnp-0.20.12

gupnp-0.20.13

gupnp-0.20.14

gupnp-0.20.15

gupnp-0.20.16

gupnp-0.20.17

gupnp-0.20.18

gupnp-0.20.2

gupnp-0.20.3

gupnp-0.20.4

gupnp-0.20.5

gupnp-0.20.6

gupnp-0.20.7

gupnp-0.20.8

gupnp-0.20.9

gupnp-0.99.0

gupnp-1.*

gupnp-1.0.0

gupnp-1.0.1

gupnp-1.0.2

gupnp-1.0.3

gupnp-1.0.4

gupnp-1.0.5

gupnp-1.0.6