Executive Summary

Informations
Name CVE-2014-9682 First vendor Publication 2015-02-27
Vendor Cve Last vendor Modification 2015-03-02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9682

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-77 Improper Sanitization of Special Elements used in a Command ('Command Injection')

Sources (Detail)

Source Url
CONFIRM https://github.com/skoranga/node-dns-sync/commit/d9abaae384b198db1095735ad9c1...
https://github.com/skoranga/node-dns-sync/issues/1
MLIST http://www.openwall.com/lists/oss-security/2014/11/11/6

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2021-04-22 01:43:02
  • Multiple Updates
2020-05-23 01:54:00
  • Multiple Updates
2020-05-23 00:43:07
  • Multiple Updates
2015-03-03 00:23:00
  • Multiple Updates
2015-02-28 09:23:39
  • First insertion