0.003 Low
EPSS
Percentile
65.2%
Affected versions of dns-sync are vulnerable to arbitrary command execution via maliciously formed hostnames.
dns-sync
var dnsSync = require('dns-sync'); console.log(dnsSync.resolve('$(id > /tmp/foo)'));
Update to version 0.1.1 or later.