Description
An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header
Remediation
References
https://zh-cn.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of?tns_redirect=true
https://github.com/4thline/cling/issues/253
Related Vulnerabilities
CVE-2022-47105 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2019-10322 Vulnerability in maven package org.jenkins-ci.plugins:artifactory
CVE-2020-13935 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2021-23555 Vulnerability in npm package vm2
CVE-2018-14041 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap