CVE-2014-9682
EPSS 1.0%dns-sync command injection vulnerability
發布日:2017/10/24修改日:2023/11/8
描述
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
受影響套件(1)
- npm/dns-syncfrom 0, < 0.1.1
參考連結(6)
- ADVISORYhttps://github.com/advisories/GHSA-q5pq-pgrv-fh89
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-9682
- PATCHhttps://github.com/skoranga/node-dns-sync
- WEBhttps://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d
- WEBhttps://github.com/skoranga/node-dns-sync/issues/1
- WEBhttp://www.openwall.com/lists/oss-security/2014/11/11/6