Command Injection in dns-sync

2018-07-18T18:28:02
ID GHSA-JCW8-R9XM-32C6
Type github
Reporter GitHub Advisory Database
Modified 2021-01-08T18:35:10

Description

Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve() method.

Recommendation

  • Use an alternative dns resolver
  • Do not allow untrusted input into dns-sync.resolve()