skoranga/node-dns-sync

skoranga/node-dns-sync

Releases1

Frequency

Last Release about 11 years ago

Stars7

Sync version of DNS lookup. Useful for server startup activities.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-11079 ↗	May 28, 2020Thursday, 28 May 2020, 19:15	8.6 HIGH	7.5 HIGH
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
CVE-2017-16100 ↗	Jun 7, 2018Thursday, 7 June 2018, 02:29	—	10 HIGH
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
CVE-2014-9682 ↗	Feb 28, 2015Saturday, 28 February 2015, 01:59	—	10 HIGH
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.