heroku-env@0.2.0 vulnerabilities

heroku-env ===============

Direct Vulnerabilities

Known vulnerabilities in the heroku-env package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Command Injection

heroku-env is a package that parse the DATABASE_URL from your heroku config and split it out into the PG* environment variables used by psql pg_dump pg_restore and node_postgres

Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/get.js which is required by index.js.

How to fix Command Injection?

There is no fixed version for heroku-env.