Описание
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Ссылки
- PatchVendor Advisory
- Issue TrackingVendor Advisory
- PatchVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.1 High
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...
EPSS
8.1 High
CVSS3
5.8 Medium
CVSS2