heroku-env@0.1.1 vulnerabilities

heroku-env ===============

latest version

0.2.0

first published

12 years ago

latest version published

11 years ago

licenses detected

BSD-2-Clause
>=0

View heroku-env package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the heroku-env package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Command Injection heroku-env is a package that parse the DATABASE_URL from your heroku config and split it out into the PG* environment variables used by psql pg_dump pg_restore and node_postgres Affected versions of this package are vulnerable to Command Injection. The injection point is located in `lib/get.js` which is required by `index.js`. How to fix Command Injection? There is no fixed version for `heroku-env`.	*

Command Injection

heroku-env is a package that parse the DATABASE_URL from your heroku config and split it out into the PG* environment variables used by psql pg_dump pg_restore and node_postgres

Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/get.js which is required by index.js.

How to fix Command Injection?

There is no fixed version for heroku-env.

Go back to all versions of this package