oss-sec mailing list archives
Re: DNS rebinding vulnerability in npupnp
From: Gabriel Corona <gabriel.corona () enst-bretagne fr>
Date: Sun, 25 Apr 2021 12:56:35 +0200
Le 20/04/2021 à 09:54, Gabriel Corona a écrit :
The server-part of npupnp, a library used to implement UUPnP clients and servers, is vulnerable to DNS rebinding attacks. Impact: A remote web server can exploit this vulnerability to trick the user browser into triggering actions on the local UPnP services implemented using this library. This is fixed in v4.1.4. https://framagit.org/medoc92/npupnp https://www.lesbonscomptes.com/upmpdcli/npupnp-doc/libnpupnp.html A CVE as been requested.
This is CVE-2021-31718. Gabriel
Current thread:
- DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 20)
- Re: DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 25)