CVE-2021-33516 – gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services

https://notcve.org/view.php?id=CVE-2021-33516

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. Se detectó un problema en GUPnP versiones anteriores a 1.0.7 y 1.1.x y versiones 1.2.x anteriores a 1.2.5. • https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 https://gitlab.gnome.org/GNOME/gupnp/-/issues/24 https://access.redhat.com/security/cve/CVE-2021-33516 https://bugzilla.redhat.com/show_bug.cgi?id=1964091 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •