rpm package
almalinux/gupnp-devel
pkg:rpm/almalinux/gupnp-devel
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-33516 | — | < 1.0.6-2.el8_4 | 1.0.6-2.el8_4 | May 24, 2021 | An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on | ||
| CVE-2020-12695 | — | < 1.0.6-1.el8 | 1.0.6-1.el8 | Jun 8, 2020 | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. |
- CVE-2021-33516May 24, 2021affected < 1.0.6-2.el8_4fixed 1.0.6-2.el8_4
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on
- CVE-2020-12695Jun 8, 2020affected < 1.0.6-1.el8fixed 1.0.6-1.el8
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.