npm package
dns-sync
pkg:npm/dns-sync
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11079 | — | >= 0.1.3, < 0.2.1 | 0.2.1 | May 28, 2020 | node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1. | ||
| CVE-2017-16100 | — | < 0.1.1 | 0.1.1 | Jun 7, 2018 | dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible. | ||
| CVE-2014-9682 | — | < 0.1.1 | 0.1.1 | Feb 28, 2015 | The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. |
- CVE-2020-11079May 28, 2020affected >= 0.1.3, < 0.2.1fixed 0.2.1
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
- CVE-2017-16100Jun 7, 2018affected < 0.1.1fixed 0.1.1
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
- CVE-2014-9682Feb 28, 2015affected < 0.1.1fixed 0.1.1
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.