Description
dns-sync is a synchronous (blocking) DNS resolver. If untrusted user input reaches the resolve() method, command injection is possible.
Remediation
References
https://nodesecurity.io/advisories/523
https://github.com/skoranga/node-dns-sync/issues/5