Lucene search
GoogleOSV:GHSA-JCW8-R9XM-32C6HistoryJul 18, 2018 - 6:28 p.m.
Command Injection in dns-sync
2018-07-1818:28:02
Google
osv.dev
8
0.008 Low
EPSS
Percentile
82.2%
Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve() method.
Recommendation
- Use an alternative dns resolver
- Do not allow untrusted input into
dns-sync.resolve()
References
github.com/advisories/GHSA-jcw8-r9xm-32c6
github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d
github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d)))
github.com/skoranga/node-dns-sync/issues/1
github.com/skoranga/node-dns-sync/issues/1)
github.com/skoranga/node-dns-sync/issues/5
nvd.nist.gov/vuln/detail/CVE-2017-16100
www.npmjs.com/advisories/153
www.npmjs.com/advisories/523
Related
cvelist
cvelist
CVE-2017-16100
2018-04-26 00:00:00
veracode
veracode
Command Injection
2019-07-10 04:47:02
Arbitrary Command Execution Through Shell Metacharacters In API Arguments
2015-03-02 16:29:41
nvd
nvd
CVE-2017-16100
2018-06-07 02:29:02
cve
cve
CVE-2017-16100
2018-06-07 02:29:02
github
github
Command Injection in dns-sync
2018-07-18 18:28:02
Command Injection in standard-version
2020-07-13 21:34:59
nodejs
nodejs
Command Injection
2017-09-06 23:32:56
prion
prion
Command injection
2018-06-07 02:29:00
osv
osv
Command Injection in standard-version
2020-07-13 21:34:59