Skip to main content

Dns Sync

1 CVEs product

Monthly

CVE-2014-9682 npm CRITICAL PATCH Act Now

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Node.js Dns Sync
NVD GitHub
CVSS 2.0
10.0
EPSS
1.0%
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Node.js Dns Sync
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy