Command Injection
Overview heroku-env is a package that parse the DATABASEURL from your heroku config and split it out into the PG environment variables used by psql pgdump pgrestore and nodepostgres Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/get.js...