Vulnerability Details CVE-2017-16100
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 90.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2017-16100
-
cpe:2.3:a:dns-sync_project:dns-sync:0.1.0
-
cpe:2.3:a:dns-sync_project:dns-sync:0.1.1