{"url":"http://public2.vulnerablecode.io/api/packages/6607?format=json","purl":"pkg:npm/dns-sync@0.1.1","type":"npm","namespace":"","name":"dns-sync","version":"0.1.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.2.1","latest_non_vulnerable_version":"0.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38822?format=json","vulnerability_id":"VCID-1rf3-dksn-4qcp","summary":"Command Injection\nIf untrusted user input is allowed into the `resolve()` method then command injection is possible.","references":[{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/skoranga/node-dns-sync/issues/5"}],"fixed_packages":[],"aliases":["GMS-2017-199"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rf3-dksn-4qcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39911?format=json","vulnerability_id":"VCID-ybq7-4vuk-j7ez","summary":"Command Injection\nIf untrusted user input is allowed into the `resolve()` method then command injection is possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16100","reference_id":"","reference_type":"","scores":[{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90243","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90229","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90256","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.9024","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90241","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90245","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16100"},{"reference_url":"https://github.com/advisories/GHSA-jcw8-r9xm-32c6","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jcw8-r9xm-32c6"},{"reference_url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d"},{"reference_url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d)))","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d)))"},{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/1","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/issues/1"},{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/1)","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/issues/1)"},{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/5","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/issues/5"},{"reference_url":"https://www.npmjs.com/advisories/153","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/153"},{"reference_url":"https://www.npmjs.com/advisories/523","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/523"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16100","reference_id":"CVE-2017-16100","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16100"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55753?format=json","purl":"pkg:npm/dns-sync@0.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rf3-dksn-4qcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dns-sync@0.1.2"}],"aliases":["CVE-2017-16100","GHSA-jcw8-r9xm-32c6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybq7-4vuk-j7ez"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108640?format=json","vulnerability_id":"VCID-m6mm-t468-gffk","summary":"Critical severity vulnerability that affects dns-sync\nWithdrawn, accidental duplicate publish.\n\nThe dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.","references":[{"reference_url":"https://github.com/advisories/GHSA-wxvm-fh75-mpgr","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wxvm-fh75-mpgr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9682","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6607?format=json","purl":"pkg:npm/dns-sync@0.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rf3-dksn-4qcp"},{"vulnerability":"VCID-ybq7-4vuk-j7ez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dns-sync@0.1.1"}],"aliases":["GHSA-wxvm-fh75-mpgr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6mm-t468-gffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30555?format=json","vulnerability_id":"VCID-pbw4-8urr-wqbf","summary":"Command Injection\nThe dns-sync library for node.js allows resolving hostnames in a synchronous fashion\n\nAll versions of dns-sync prior to the release 0.1.1 were vulnerable to arbitrary command execution via maliciously formed hostnames.\n\nFor example:\n\n    var dnsSync = require('dns-sync');\n    console.log(dnsSync.resolve('$(id > /tmp/foo)'));\n\nThis is caused by the hostname being passed through a shell as part of a command execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9682","reference_id":"","reference_type":"","scores":[{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77758","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77791","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77773","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77783","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77792","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77785","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9682"},{"reference_url":"https://github.com/advisories/GHSA-q5pq-pgrv-fh89","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5pq-pgrv-fh89"},{"reference_url":"https://github.com/skoranga/node-dns-sync","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync"},{"reference_url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d"},{"reference_url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d)","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d)"},{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/1","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/issues/1"},{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/1)","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/issues/1)"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9682","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9682"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/11/11/6","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/11/11/6"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/153.json","reference_id":"153","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/153.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6607?format=json","purl":"pkg:npm/dns-sync@0.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rf3-dksn-4qcp"},{"vulnerability":"VCID-ybq7-4vuk-j7ez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dns-sync@0.1.1"}],"aliases":["CVE-2014-9682","GHSA-q5pq-pgrv-fh89"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbw4-8urr-wqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39911?format=json","vulnerability_id":"VCID-ybq7-4vuk-j7ez","summary":"Command Injection\nIf untrusted user input is allowed into the `resolve()` method then command injection is possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16100","reference_id":"","reference_type":"","scores":[{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90243","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90229","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90256","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.9024","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90241","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0534","scoring_system":"epss","scoring_elements":"0.90245","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16100"},{"reference_url":"https://github.com/advisories/GHSA-jcw8-r9xm-32c6","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jcw8-r9xm-32c6"},{"reference_url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d"},{"reference_url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d)))","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1c73d7b890a0d)))"},{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/1","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/issues/1"},{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/1)","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/issues/1)"},{"reference_url":"https://github.com/skoranga/node-dns-sync/issues/5","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/skoranga/node-dns-sync/issues/5"},{"reference_url":"https://www.npmjs.com/advisories/153","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/153"},{"reference_url":"https://www.npmjs.com/advisories/523","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/523"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16100","reference_id":"CVE-2017-16100","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16100"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6607?format=json","purl":"pkg:npm/dns-sync@0.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rf3-dksn-4qcp"},{"vulnerability":"VCID-ybq7-4vuk-j7ez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dns-sync@0.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55753?format=json","purl":"pkg:npm/dns-sync@0.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1rf3-dksn-4qcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dns-sync@0.1.2"}],"aliases":["CVE-2017-16100","GHSA-jcw8-r9xm-32c6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybq7-4vuk-j7ez"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dns-sync@0.1.1"}