0.2.1
10 years ago
4 years ago
Known vulnerabilities in the dns-sync package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
dns-sync is a dns-sync. Affected versions of this package are vulnerable to Remote Code Execution (RCE). This issue could lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. How to fix Remote Code Execution (RCE)? Upgrade | <0.2.0 |
Affected versions of this package are uvlnerable to Regular Expression Denial of Service (ReDoS) attacks. How to fix Regular Expression Denial of Service (ReDoS)? There is no fix version for | * |
The dns-sync library for node.js allows resolving hostnames in a synchronous fashion. All versions of dns-sync prior to the release 0.1.3 were vulnerable to arbitrary command execution via maliciously formed hostnames. How to fix Arbitrary Command Injection? Upgrade dns-sync to version 0.1.1 or greater. | <0.1.3 |