29 matches found
CVE-2017-16100
dns-sync is a Node.js library that can execute arbitrary commands when untrusted input is provided to the resolve() method, enabling remote code execution. The vulnerability is confirmed in multiple sources, notably the IBM Datapower Operations Dashboard advisory describing an impact on DataPower...
GHSA-Q5PQ-PGRV-FH89 dns-sync command injection vulnerability
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...
dns-sync command injection vulnerability
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...
Command Injection
Overview Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve method. Recommendation - Use an alternative dns resolver - Do not allow untrusted input into dns-sync.resolve References - Issue 1 - Commit d9abaae...
Command Injection
Overview Affected versions of dns-sync are vulnerable to arbitrary command execution via maliciously formed hostnames. Proof of Concept var dnsSync = require'dns-sync'; console.logdnsSync.resolve'$id /tmp/foo'; Recommendation Update to version 0.1.1 or later. References - Issue 1 - Commit d9abaae...
CVE-2014-9682
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...
Code injection
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...
CVE-2014-9682
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...
Command Injection
Overview The dns-sync library for node.js allows resolving hostnames in a synchronous fashion All versions of dns-sync prior to the release 0.1.1 were vulnerable to arbitrary command execution via maliciously formed hostnames. For example: var dnsSync = require'dns-sync';...