oss-sec mailing list archives
DNS rebinding vulnerability in npupnp
From: Gabriel Corona <gabriel.corona () enst-bretagne fr>
Date: Tue, 20 Apr 2021 09:54:56 +0200
The server-part of npupnp, a library used to implement UUPnP clients and servers, is vulnerable to DNS rebinding attacks. Impact: A remote web server can exploit this vulnerability to trick the user browser into triggering actions on the local UPnP services implemented using this library. This is fixed in v4.1.4. https://framagit.org/medoc92/npupnp https://www.lesbonscomptes.com/upmpdcli/npupnp-doc/libnpupnp.html A CVE as been requested.
Current thread:
- DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 20)
- Re: DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 25)