Remote Code Execution (RCE) Affecting dns-sync package, versions <0.2.0


0.0
high

Snyk CVSS

    Attack Complexity Low
    Scope Changed
    Integrity High

    Threat Intelligence

    EPSS 0.92% (83rd percentile)
NVD
9.8 critical

  • Snyk ID SNYK-JS-DNSSYNC-570585
  • published 29 May 2020
  • disclosed 21 May 2020
  • credit Erik Krogh Kristensen

How to fix?

Upgrade dns-sync to version 0.2.0 or higher.
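
To check whether a project still resolves an affected release, the following added example (not part of the original advisory or of the dns-sync project) walks a parsed package-lock.json and reports every dns-sync entry below 0.2.0. The function names and the sample lockfile are assumptions made for illustration; it handles both the flat `packages` layout and the older nested `dependencies` layout.

```javascript
// Added example: list dns-sync installs below 0.2.0 in a parsed package-lock.json.
const FIXED = [0, 2, 0]; // first fixed release named in the advisory

// True when `version` is older than 0.2.0, or cannot be parsed (flag for review).
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[^+]+)?(\+.*)?$/.exec(String(version));
  if (!m) return true;
  const core = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED[i]) return core[i] < FIXED[i];
  }
  return Boolean(m[4]); // 0.2.0-rc.1 sorts before 0.2.0, so still affected
}

function findDnsSync(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/dns-sync' || path.endsWith('/node_modules/dns-sync')) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists
  // so that a version 2 lockfile does not report each entry twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'dns-sync') hits.push({ path: here.join(' > '), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits.filter((h) => isVulnerable(h.version));
}

// Constructed sample lockfile (lockfileVersion 3), not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/dns-sync': { version: '0.1.3' },
    'node_modules/foo/node_modules/dns-sync': { version: '0.2.1' },
  },
};
console.log(findDnsSync(sampleLock));
```

Entries whose version field is not a plain semantic version (for example a linked or git-sourced package) are reported as well, so they can be reviewed by hand.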

Overview

dns-sync is a Node.js library for synchronous DNS resolution.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). This issue could lead to remote code execution if a client of the library calls the vulnerable method with untrusted input.

References