GHSA-jcw8-r9xm-32c6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jcw8-r9xm-32c6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-jcw8-r9xm-32c6/GHSA-jcw8-r9xm-32c6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jcw8-r9xm-32c6
- Aliases
-
- CVE-2017-16100
- Published
- 2018-07-18T18:28:02Z
- Modified
- 2023-11-08T03:59:04.853722Z
- Summary
- Command Injection in dns-sync
- Details
-
Affected versions of
dns-synchave an arbitrary command execution vulnerability in theresolve()method.Recommendation
- Use an alternative dns resolver
- Do not allow untrusted input into
dns-sync.resolve()
- Database specific
{ "cwe_ids": [ "CWE-94" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:43:08Z", "nvd_published_at": null, "severity": "CRITICAL" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-16100
- https://github.com/skoranga/node-dns-sync/issues/1
- https://github.com/skoranga/node-dns-sync/issues/1)
- https://github.com/skoranga/node-dns-sync/issues/5
- https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d
- https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d)))
- https://github.com/advisories/GHSA-jcw8-r9xm-32c6
- https://www.npmjs.com/advisories/153
- https://www.npmjs.com/advisories/523
Affected packages
npm / dns-sync
Package
- Name
- dns-sync
- View open source insights on deps.dev
- Purl
- pkg:npm/dns-sync