Description
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
Remediation
References
https://github.com/skoranga/node-dns-sync/issues/5
https://nodesecurity.io/advisories/523
Related Vulnerabilities
CVE-2021-23362 Vulnerability in maven package org.webjars.npm:hosted-git-info
CVE-2021-41183 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2022-2390 Vulnerability in maven package com.google.android.gms:play-services-basement
CVE-2022-43484 Vulnerability in maven package org.terasoluna.gfw:terasoluna-gfw-common
CVE-2018-14041 Vulnerability in maven package org.webjars.npm:bootstrap