heroku-env@0.2.0 vulnerabilities

heroku-env ===============

latest version

0.2.0
first published

11 years ago
latest version published

10 years ago
licenses detected
- BSD-2-Clause
  >=0
View heroku-env package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the heroku-env package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Command Injection heroku-env is a package that parse the DATABASE_URL from your heroku config and split it out into the PG* environment variables used by psql pg_dump pg_restore and node_postgres Affected versions of this package are vulnerable to Command Injection. The injection point is located in `lib/get.js` which is required by `index.js`. How to fix Command Injection? There is no fixed version for `heroku-env`.	*

Command Injection

heroku-env is a package that parse the DATABASE_URL from your heroku config and split it out into the PG* environment variables used by psql pg_dump pg_restore and node_postgres

Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/get.js which is required by index.js.

How to fix Command Injection?

There is no fixed version for heroku-env.

Go back to all versions of this package

heroku-env@0.2.0 vulnerabilities

heroku-env ===============

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities