OESA-2021-1272

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1272

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1272.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2021-1272

Upstream

CVE-2021-33516

Published

2021-07-24T11:03:03Z

Modified

2025-08-12T05:08:29.663110Z

Summary

gupnp security update

Details

GUPnP is an elegant, object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. It provides the same set of features as libupnp,but shields the developer from most of UPnP's internals.

Security Fix(es):

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.(CVE-2021-33516)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / gupnp

Package

Name: gupnp
Purl: pkg:rpm/openEuler/gupnp&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.4-1.oe1

Ecosystem specific

{
    "noarch": [
        "gupnp-help-1.2.4-1.oe1.noarch.rpm"
    ],
    "aarch64": [
        "gupnp-devel-1.2.4-1.oe1.aarch64.rpm",
        "gupnp-debugsource-1.2.4-1.oe1.aarch64.rpm",
        "gupnp-1.2.4-1.oe1.aarch64.rpm",
        "gupnp-debuginfo-1.2.4-1.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "gupnp-debuginfo-1.2.4-1.oe1.x86_64.rpm",
        "gupnp-1.2.4-1.oe1.x86_64.rpm",
        "gupnp-devel-1.2.4-1.oe1.x86_64.rpm",
        "gupnp-debugsource-1.2.4-1.oe1.x86_64.rpm"
    ],
    "src": [
        "gupnp-1.2.4-1.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / gupnp

Package

Name: gupnp
Purl: pkg:rpm/openEuler/gupnp&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.4-1.oe1

Ecosystem specific

{
    "noarch": [
        "gupnp-help-1.2.4-1.oe1.noarch.rpm"
    ],
    "aarch64": [
        "gupnp-devel-1.2.4-1.oe1.aarch64.rpm",
        "gupnp-debugsource-1.2.4-1.oe1.aarch64.rpm",
        "gupnp-1.2.4-1.oe1.aarch64.rpm",
        "gupnp-debuginfo-1.2.4-1.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "gupnp-debuginfo-1.2.4-1.oe1.x86_64.rpm",
        "gupnp-1.2.4-1.oe1.x86_64.rpm",
        "gupnp-devel-1.2.4-1.oe1.x86_64.rpm",
        "gupnp-debugsource-1.2.4-1.oe1.x86_64.rpm"
    ],
    "src": [
        "gupnp-1.2.4-1.oe1.src.rpm"
    ]
}