Heroku-env is vulnerable to OS command injection. The vulnerability is in the `get()` function, which executes a shell command built from unsanitized user input. An attacker can inject shell commands through the `app` parameter by using the control operator `&` or `&&` followed by an arbitrary command.
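
The pattern described above, next to a hardened form, as an added example that is not heroku-env's own code. The `heroku config --app` command line, the function names and the app-name allowlist are assumptions made for illustration, and a Node child process stands in for the heroku CLI so the block runs offline.

```javascript
// Added example: hypothetical code, not taken from heroku-env.
const { execFileSync } = require('node:child_process');

// Assumed allowlist: lowercase letters, digits and dashes, starting with a letter.
const APP_NAME = /^[a-z][a-z0-9-]{1,28}[a-z0-9]$/;

// Vulnerable pattern: the value becomes part of a string that a shell parses,
// so control operators such as & and && split it into several commands.
// The string is only built here, never executed.
function buildShellCommand(app) {
  return 'heroku config --app ' + app;
}

// Hardened, step 1: reject anything that is not a plausible app name.
function validateApp(app) {
  if (typeof app !== 'string' || !APP_NAME.test(app)) {
    throw new TypeError('invalid app name');
  }
  return app;
}

// Hardened, step 2: pass an argument vector with execFile, which starts no shell.
// The stand-in child reports the argv it received as JSON.
function argvSeenByChild(app) {
  const echoArgv = 'console.log(JSON.stringify(process.argv.slice(1)))';
  const out = execFileSync(
    process.execPath,
    ['-e', echoArgv, '--', 'config', '--app', app],
    { encoding: 'utf8' }
  );
  return JSON.parse(out);
}

// Both defences together: validate first, then run without a shell.
function safeGet(app) {
  return argvSeenByChild(validateApp(app));
}

const hostile = 'my-app && echo injected'; // constructed sample input

console.log(buildShellCommand(hostile)); // what a shell would be asked to parse
console.log(argvSeenByChild(hostile));   // the operator stays inside one argument
```

Validation alone or `execFile` alone each stop the `&`/`&&` case; using both also keeps values that begin with `-` from being read as options by the called program.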

CPE

Name | Operator | Version |
---|---|---|
heroku-env | le | 0.2.0 |