{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T23:23:10.366","vulnerabilities":[{"cve":{"id":"CVE-2021-29462","sourceIdentifier":"security-advisories@github.com","published":"2021-04-20T21:15:08.493","lastModified":"2024-11-21T06:01:09.723","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later."},{"lang":"es","value":"El SDK Portátil para Dispositivos UPnP es un SDK para el desarrollo de aplicaciones de puntos de control y dispositivos UPnP. La parte del servidor de pupnp (libupnp) parece ser vulnerable a los ataques de reenlace de DNS porque no comprueba el valor del encabezado \"Host\". Esto puede ser mitigado al usar resolutores de DNS que bloquean los ataques DNS-rebinding. La vulnerabilidad se corrigió en versión 1.14.6 y posteriores"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pupnp_project:pupnp:*:*:*:*:*:*:*:*","versionEndExcluding":"1.14.6","matchCriteriaId":"2AF559B8-B988-40BE-8BFA-91EB27B7BF6B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2021/04/20/4","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2021/04/20/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}