GHSA-c438-6f6r-pg8w

Suggest an improvement
Source
https://github.com/advisories/GHSA-c438-6f6r-pg8w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-c438-6f6r-pg8w/GHSA-c438-6f6r-pg8w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c438-6f6r-pg8w
Aliases
Published
2022-08-16T00:00:22Z
Modified
2023-11-08T04:03:06.096989Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
4thline cling uPnP protocol issue can lead to denial of service
Details

An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. As of 2022, 4thline cling is no longer supported by the maintainers.

Database specific 
{
    "nvd_published_at": "2022-08-15T20:15:00Z",
    "github_reviewed_at": "2022-08-18T19:18:55Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Maven / org.fourthline.cling:cling-core

Package

Name
org.fourthline.cling:cling-core
View open source insights on deps.dev
Purl
pkg:maven/org.fourthline.cling/cling-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Last affected
2.1.2