6 matches found
CVE-2020-11079
node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...
node-dns-sync code injection vulnerability
node-dns-sync is a package that synchronizes/blocks DNS resolution from the American developers of Skoranga Software. A code injection vulnerability exists in node-dns-sync version 0.2.0 and earlier. A remote attacker can exploit this vulnerability to execute code...
Design/Logic Flaw
node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...
Command injection in node-dns-sync
dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input...
CVE-2020-11079
Summary : CVE-2020-11079 affects the npm package node-dns-sync (dns-sync) up to version 0.2.0. The vulnerability allows execution of arbitrary commands via a vulnerable method when driven by untrusted input, potentially leading to remote code execution. A fix is available in version 0.2.1. Affect...
CVE-2020-11079 command injection fix in node-dns-sync
node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...