CVE-2014-9682
EPSS 1.0%
dns-sync command injection vulnerability
Published: 10/24/2017
Modified: 11/8/2023
Also known as: GHSA-q5pq-pgrv-fh89
Description
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
Affected packages (1)
- npm/dns-sync: from 0, < 0.1.1
References (6)
- ADVISORY: https://github.com/advisories/GHSA-q5pq-pgrv-fh89
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2014-9682
- PATCH: https://github.com/skoranga/node-dns-sync
- WEB: https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d
- WEB: https://github.com/skoranga/node-dns-sync/issues/1
- WEB: http://www.openwall.com/lists/oss-security/2014/11/11/6