CVE-2017-16100
Command Injection in dns-sync
EPSS 5.3%
Description
Affected versions of `dns-sync` have an arbitrary command execution vulnerability in the `resolve()` method. ## Recommendation - Use an alternative dns resolver - Do not allow untrusted input into `dns-sync.resolve()`
How to fix CVE-2017-16100
To remediate CVE-2017-16100, upgrade the affected package to a fixed version below.
- npm/dns-sync—upgrade to 0.1.1 or later
Is CVE-2017-16100 being exploited?
Moderate — EPSS is 5.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 0.1.1