National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:dns-sync_project:dns-sync:0.1.0::~~~node.js~~
There are 2 matching records.
Vuln ID Summary CVSS Severity
CVE-2017-16100

dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.

Published: June 06, 2018; 10:29:02 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2014-9682

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Published: February 27, 2015; 08:59:01 PM -05:00
V2: 10.0 HIGH