Network Vulnerability in GUPnP Library by GNOME
CVE-2021-33516

8.1HIGH

Key Information:

Vendor: Gnome
Status: Gupnp
Vendor: CVE Published:; 24 May 2021

What is CVE-2021-33516?

A vulnerability in the GUPnP library prior to specified versions enables remote web servers to exploit DNS rebinding. This manipulation can cause a victim's browser to perform unauthorized actions against local UPnP services, potentially leading to sensitive data exfiltration or manipulation. Users of GUPnP should ensure they are running the latest secure versions to mitigate these risks.

References

https://gitlab.gnome.org/GNOME/gupnp/-/issues/24

x_refsource_MISC

https://discourse.gnome.org/t/security-relevant-releases-...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2021
Vulnerability Reserved
May 24, 2021

Gnome

What is CVE-2021-33516?

References

CVSS V3.1

Timeline