Severity: Critical
CVSS Score: 9.8
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.