Dns-sync Project Dns-sync — known CVE vulnerabilities
Every CVE whose affected-product data names Dns-sync Project Dns-sync, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2014-9682 — CVSS 10.0 (critical): The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in…
CVE-2017-16100 — CVSS 9.8 (critical): dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.