10 matches found
CVE-2020-7634
heroku-addonpool through 0.1.15 is vulnerable to Command Injection...
OS Command Injection in heroku-addonpool
heroku-addonpool through 0.1.15 is vulnerable to Command Injection. The second parameter of the exported function HerokuAddonPool(id, app, opt) can be controlled by users without any sanitization. PoC (js): var Root = require("heroku-addonpool"); var root = Root("sss", "& touch JHU", {}); root.setup();...
GHSA-3Q9X-W53P-JG53 OS Command Injection in heroku-addonpool
heroku-addonpool through 0.1.15 is vulnerable to Command Injection. The second parameter of the exported function HerokuAddonPool(id, app, opt) can be controlled by users without any sanitization. PoC (js): var Root = require("heroku-addonpool"); var root = Root("sss", "& touch JHU", {}); root.setup();...
Remote Code Execution (RCE)
heroku-addonpool is vulnerable to remote code execution (RCE). The vulnerability exists because the value of the app parameter can be controlled by the attacker by sending malicious code to execute in the function HerokuAddonPool...
heroku-addonpool command injection vulnerability
heroku-addonpool is a package for managing applications in Heroku. A command injection vulnerability exists in heroku-addonpool version 0.1.15 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands...
CVE-2020-7634
heroku-addonpool through 0.1.15 is vulnerable to Command Injection...
CVE-2020-7634
heroku-addonpool through 0.1.15 is vulnerable to Command Injection...
Command injection
heroku-addonpool through 0.1.15 is vulnerable to Command Injection...
CVE-2020-7634
heroku-addonpool through 0.1.15 is vulnerable to Command Injection...
Command Injection
Overview: heroku-addonpool is a tool for managing the addon pool of an app in Heroku. Affected versions of this package are vulnerable to Command Injection. The second parameter of the exported function HerokuAddonPool(id, app, opt) can be controlled by users without any sanitization. PoC: var Root =...