Description
dns-sync is a synchronous (blocking) DNS resolver. If untrusted user input is passed to the resolve() method, command injection is possible.
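A caller-side check for the condition described above, as an added example that is not code from dns-sync or from the advisory: it allowlists hostname syntax before the value reaches any resolver. `isSafeHostname`, `resolveChecked` and the sample inputs are hypothetical names and constructed values; IPv6 literals and underscore labels are deliberately rejected by this check.

```javascript
'use strict';

// One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
// The character class excludes every shell metacharacter, whitespace and newline.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Returns true only for syntactically plain hostnames (IPv4 dotted quads also pass).
function isSafeHostname(input) {
  if (typeof input !== 'string') return false;
  if (input.length === 0 || input.length > 253) return false;
  // Allow a single trailing dot (fully qualified form).
  const name = input.endsWith('.') ? input.slice(0, -1) : input;
  if (name.length === 0) return false;
  return name.split('.').every((label) => LABEL.test(label));
}

// Wraps any resolver function (assumption: it takes one hostname argument,
// as resolve() does). Rejected input never reaches the resolver.
function resolveChecked(input, resolver) {
  if (!isSafeHostname(input)) {
    throw new TypeError('rejected hostname: ' + JSON.stringify(input));
  }
  return resolver(input);
}

// Constructed sample inputs: what a web form or API parameter might carry.
const SAMPLES = [
  'example.com',
  'sub-1.example.com.',
  '127.0.0.1',
  'example.com; echo x',
  '$(echo x).example.com',
  'example.com\n',
  '-leading.example.com',
  '',
];

// Splits the samples into accepted and rejected lists.
function classify(samples) {
  const out = { accepted: [], rejected: [] };
  for (const s of samples) {
    (isSafeHostname(s) ? out.accepted : out.rejected).push(s);
  }
  return out;
}

console.log(classify(SAMPLES));
```

Validation like this reduces exposure at the call site; it does not change how the resolver itself handles its argument.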
Remediation
References
https://github.com/skoranga/node-dns-sync/issues/5
https://nodesecurity.io/advisories/523