Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1cHEtcGdydi1maDg5

dns-sync command injection vulnerability

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Permalink: https://github.com/advisories/GHSA-q5pq-pgrv-fh89
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1cHEtcGdydi1maDg5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 6 years ago
Updated: 8 months ago

Identifiers: GHSA-q5pq-pgrv-fh89, CVE-2014-9682
References:

Repository: https://github.com/skoranga/node-dns-sync
Blast Radius: 0.0

Affected Packages

npm:dns-sync

Dependent packages: 22
Dependent repositories: 121
Downloads: 102,397 last month
Affected Version Ranges: < 0.1.1
Fixed in: 0.1.1
All affected versions: 0.1.0
All unaffected versions: 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1