Filtered by vendor Dns-sync Project
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16100 | 1 Dns-sync Project | 1 Dns-sync | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible. | |||||
CVE-2014-9682 | 1 Dns-sync Project | 1 Dns-sync | 2024-11-21 | 10.0 HIGH | N/A |
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. |