CVE-2014-9682

dns-sync <0.1.1 - Command Injection

Title source: llm
STIX 2.1

Description

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

References (3)

Core 3

Scores

EPSS 0.0292
EPSS Percentile 85.3%

Details

CWE
CWE-77
Status published
Products (2)
dns-sync_project/dns-sync < 0.1.0
npm/dns-sync 0 - 0.1.1npm
Published Feb 28, 2015
Tracked Since Feb 18, 2026