Lucene search
K

29 matches found

CVE
CVE
added 2018/06/07 2:0 a.m.66 views

CVE-2017-16100

dns-sync is a Node.js library that can execute arbitrary commands when untrusted input is provided to the resolve() method, enabling remote code execution. The vulnerability is confirmed in multiple sources, notably the IBM Datapower Operations Dashboard advisory describing an impact on DataPower...

10CVSS9.6AI score0.05132EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.2 views

GHSA-Q5PQ-PGRV-FH89 dns-sync command injection vulnerability

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

10CVSS7.5AI score0.02922EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.33 views

dns-sync command injection vulnerability

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

10CVSS7.3AI score0.02922EPSS
Exploits0References5Affected Software1
Node.js
Node.js
added 2017/09/06 11:32 p.m.104 views

Command Injection

Overview Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve method. Recommendation - Use an alternative dns resolver - Do not allow untrusted input into dns-sync.resolve References - Issue 1 - Commit d9abaae...

10CVSS6.9AI score0.05132EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2016/10/27 4:23 p.m.47 views

Command Injection

Overview Affected versions of dns-sync are vulnerable to arbitrary command execution via maliciously formed hostnames. Proof of Concept var dnsSync = require'dns-sync'; console.logdnsSync.resolve'$id /tmp/foo'; Recommendation Update to version 0.1.1 or later. References - Issue 1 - Commit d9abaae...

10CVSS6.6AI score0.02922EPSS
Exploits0Affected Software1
NVD
NVD
added 2015/02/28 1:59 a.m.19 views

CVE-2014-9682

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

10CVSS7.4AI score0.02922EPSS
Exploits0References3
Prion
Prion
added 2015/02/28 1:59 a.m.13 views

Code injection

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

10CVSS8AI score0.02922EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/02/28 1:0 a.m.26 views

CVE-2014-9682

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...

7.4AI score0.02922EPSS
Exploits0References3
Node.js
Node.js
added 2014/11/12 3:33 a.m.22 views

Command Injection

Overview The dns-sync library for node.js allows resolving hostnames in a synchronous fashion All versions of dns-sync prior to the release 0.1.1 were vulnerable to arbitrary command execution via maliciously formed hostnames. For example: var dnsSync = require'dns-sync';...

6.5CVSS7.1AI score
Exploits0Affected Software1
Rows per page
Query Builder