rpm package
opensuse/gupnp&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gupnp&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-33516 | — | < 1.2.7-2.2 | 1.2.7-2.2 | May 24, 2021 | An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on | ||
| CVE-2020-12695 | — | < 1.2.7-2.2 | 1.2.7-2.2 | Jun 8, 2020 | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. |
- CVE-2021-33516May 24, 2021affected < 1.2.7-2.2fixed 1.2.7-2.2
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on
- CVE-2020-12695Jun 8, 2020affected < 1.2.7-2.2fixed 1.2.7-2.2
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.