dns-sync command injection vulnerability
Critical severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Sep 5, 2023
Description
Published to the GitHub Advisory Database
Oct 24, 2017
Reviewed
Jun 16, 2020
Last updated
Sep 5, 2023
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
References