2 matches found
CVE-2017-16100
dns-sync is a Node.js library that can execute arbitrary commands when untrusted input is provided to the resolve() method, enabling remote code execution. The vulnerability is confirmed in multiple sources, notably the IBM Datapower Operations Dashboard advisory describing an impact on DataPower...
CVE-2014-9682
The dns-sync module for Node.js (versions before 0.1.1) is affected by CVE-2014-9682. The underlying issue allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function, enabling remote code execution or command executi...