Skx

**Name of the Vulnerable Software and Affected Versions** node-cli versions prior to 1.0.0 cli versions prior to 1.0.0 **Description** The issue arises from the insecure use of temporary files, specifically `lock file` and `log file`, which can be exploited by an attacker to overwrite any file the starting user has access to. This is due to the predictable nature of the temporary file names used by the affected versions of `cli`. An attacker can create a symbolic link at the location of one of these temporary file names, allowing them to arbitrarily write to any file that the user owning the `cli` process has permission to write to. **Recommendations** For node-cli versions prior to 1.0.0, update to version 1.0.0 or later. For cli versions prior to 1.0.0, update to version 1.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** dns-sync module versions prior to 0.1.1 **Description** The issue allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the `resolve` API function. This can be exploited by passing malicious input to the function, potentially leading to unauthorized command execution. **Recommendations** For versions prior to 0.1.1, update to version 0.1.1 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing the input to the `resolve` API function to prevent shell metacharacters from being executed. Restrict access to the `resolve` function to minimize the risk of exploitation.