4 matches found
CVE-2020-7634
heroku-addonpool through 0.1.15 is vulnerable to Command Injection...
CVE-2020-7634
creationtimestamp| type| source ---|---|--- 2021-12-09 19:52:03+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-3q9x-w53p-jg53...
CVE-2020-7634
CVE-2020-7634 affects the npm package heroku-addonpool up to version 0.1.15. The vulnerability is a command injection flaw where the second parameter of the exported function HerokuAddonPool(id, app, opt) can be controlled by an attacker without sanitization. A PoC demonstrates exploiting this to...
CVE-2020-7634
heroku-addonpool through 0.1.15 is vulnerable to Command Injection...