Dns-sync ProjectCVEs & Vulnerabilities
2 CVEs affecting Dns-sync Project products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
dns-sync 2
CVE-2017-16100CRITICAL
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
7 Jun 2018
9.8
CVSS
CVE-2014-9682CRITICAL
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
28 Feb 2015
10.0
CVSS
← PrevPage 1 / 1Next →