CVE-2020-23622 – org.fourthline.cling:cling-core

Package

Manager: maven
Name: org.fourthline.cling:cling-core
Vulnerable Version: >=2.0.0 <=2.1.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00559 pctl0.67244

Details

4thline cling uPnP protocol issue can lead to denial of service An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked `CALLBACK` parameter in the request header. As of 2022, 4thline cling is no longer supported by the maintainers.

Metadata

Created: 2022-08-16T00:00:22Z
Modified: 2022-08-18T19:18:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-c438-6f6r-pg8w/GHSA-c438-6f6r-pg8w.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-c438-6f6r-pg8w
Finding: F100
Auto approve: 1