Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package dns-sync, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2014-9682 — CVSS 10.0 (critical): The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in…
CVE-2017-16100 — CVSS 9.8 (critical): dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
CVE-2020-11079 — CVSS 8.6 (high): node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if…