npm

Severity: critical

Command Injection

dns-sync

Overview

Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve() method.

Remediation

  • Use an alternative DNS resolver
  • Do not allow untrusted input into dns-sync.resolve()
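
Both remediation items can be combined in one wrapper, shown here as an added example (not code from npm or from dns-sync): untrusted input is checked against a strict hostname grammar and then resolved with Node's built-in resolver. The names `isSafeHostname` and `safeLookup` are hypothetical, and the sample inputs in the comments are constructed.

```javascript
// Added example. Accept only RFC 1123 hostnames: dot-separated labels of
// letters, digits and hyphens, 1-63 characters each, no leading or trailing
// hyphen. Whitespace, quotes and shell metacharacters never match.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

function isSafeHostname(input) {
  if (typeof input !== 'string') return false;
  // A single trailing dot (fully qualified form) is allowed.
  const name = input.endsWith('.') ? input.slice(0, -1) : input;
  if (name.length === 0 || name.length > 253) return false;
  return name.split('.').every((label) => LABEL.test(label));
}

// Resolve an untrusted hostname. `lookup` is an optional injected resolver
// (useful for tests); by default Node's dns/promises lookup() is used, which
// calls the operating system resolver without starting a shell.
async function safeLookup(input, lookup) {
  if (!isSafeHostname(input)) {
    throw new TypeError('refusing to resolve: not a valid hostname');
  }
  if (!lookup) {
    // Dynamic import works from both CommonJS and ES modules.
    ({ lookup } = await import('node:dns/promises'));
  }
  const { address } = await lookup(input);
  return address;
}

// Constructed inputs:
//   isSafeHostname('example.com')        -> true
//   isSafeHostname('example.com; id')    -> false
//   isSafeHostname('$(id).example.com')  -> false
```

The allow-list is deliberately narrow: names containing underscores or non-ASCII characters are rejected, so convert internationalized names to their ASCII (punycode) form before calling it.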

Advisory timeline

  1. published: Advisory published, Sep 8th, 2017
  2. reported: Initial report by Cristian-Alexandru Staicu, Sep 6th, 2017