EPSS
Percentile
82.2%
dns-sync is vulnerable to command injection. Lack of input validation allows an attacker to submit input into resolve() method, whcih would allow arbitrary command injection on the system.
resolve()
github.com/skoranga/node-dns-sync/issues/5
nodesecurity.io/advisories/523
www.npmjs.com/advisories/523