CVE-2021-33516 – gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services

https://notcve.org/view.php?id=CVE-2021-33516

24 May 2021 — An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. Se detectó un problema en GUPnP versiones anteriores a 1.0.7 y 1.1.x y versiones 1.2.x anteriores a 1.2.5. • https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •