vulnerability
CentOS Linux: CVE-2021-33516: Important: gupnp security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | May 24, 2021 | Jun 10, 2021 | May 25, 2023 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
May 24, 2021
Added
Jun 10, 2021
Modified
May 25, 2023
Description
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Solutions
centos-upgrade-gupnpcentos-upgrade-gupnp-debuginfocentos-upgrade-gupnp-debugsourcecentos-upgrade-gupnp-develcentos-upgrade-gupnp-docs
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.