Description

This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.

Remediation

References

https://security.snyk.io/vuln/SNYK-JS-HEROKUENV-1050432

Related Vulnerabilities

CVE-2018-9206 Vulnerability in npm package blueimp-file-upload

CVE-2021-23797 Vulnerability in npm package http-server-node

CVE-2020-24660 Vulnerability in npm package node-lemonldap-ng-handler

CVE-2018-3785 Vulnerability in npm package git-dummy-commit

CVE-2022-24066 Vulnerability in npm package simple-git

Severity

Critical

Classification

CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory