[MAVEN:GHSA-C438-6F6R-PG8W] 4thline cling uPnP protocol issue can lead to denial of service

Severity High

Affected Packages 1

CVEs 1

An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. As of 2022, 4thline cling is no longer supported by the maintainers.

Package	Affected Version
pkg:maven/org.fourthline.cling/cling-core	>= 2.0.0, <= 2.1.2

ID: MAVEN:GHSA-C438-6F6R-PG8W
Severity: high
URL: https://github.com/advisories/GHSA-c438-6f6r-pg8w
Published: 2022-08-16T00:00:22
(2 years ago)
Modified: 2023-01-30T05:06:49
(19 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2020-23622
			https://github.com/4thline/cling/issues/253
			https://zh-cn.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of?tns_redirect=true
			https://github.com/advisories/GHSA-c438-6f6r-pg8w

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.fourthline.cling/cling-core	org.fourthline.cling	cling-core	>= 2.0.0 <= 2.1.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date