dns-sync

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting dns-syncpage 1 of 1

CVE-2014-9682NONECVSS 0.0EG 0.0✓ Fixed in 0.1.1
2015-02-28
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
CVE-2017-16100CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.1.1
2018-06-07
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
CVE-2020-11079HIGHCVSS 8.6EG 8.6✓ Fixed in 0.2.1
2020-05-28
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2…

Check whether dns-sync is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for dns-sync CVEs against the assets you own.

Start Free Scan →