Описание
Terraform WinDNS Provider improperly sanitizes input variables in windns_record
Impact:
A security issue has been found in terraform-provider-windns before version 1.0.5. The windns_record resource did not santize the input variables. This can lead to authenticated command injection in the underlyding powershell command prompt.
Patches:
83ef736 (fix: better input validation)
Fixed versions:
v1.0.5
Пакеты
github.com/nrkno/terraform-provider-windns
<= 1.0.4
Отсутствует
Связанные уязвимости
Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue.