dns-sync@0.1.0 vulnerabilities

dns-sync

Direct Vulnerabilities

Known vulnerabilities in the dns-sync package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Remote Code Execution (RCE)

dns-sync is a dns-sync.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). This issue could lead to remote code execution if a client of the library calls the vulnerable method with untrusted input.

How to fix Remote Code Execution (RCE)?

Upgrade dns-sync to version 0.2.0 or higher.

<0.2.0
  • M
Regular Expression Denial of Service (ReDoS)

dns-sync is a dns resolver implemented in node.js

Affected versions of this package are uvlnerable to Regular Expression Denial of Service (ReDoS) attacks.

How to fix Regular Expression Denial of Service (ReDoS)?

There is no fix version for dns-sync.

*
  • M
Arbitrary Command Injection

The dns-sync library for node.js allows resolving hostnames in a synchronous fashion. All versions of dns-sync prior to the release 0.1.3 were vulnerable to arbitrary command execution via maliciously formed hostnames.

How to fix Arbitrary Command Injection?

Upgrade dns-sync to version 0.1.1 or greater.

<0.1.3