Description
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-HEROKUENV-1050432
Related Vulnerabilities
CVE-2021-23348 Vulnerability in npm package portprocesses
CVE-2021-32831 Vulnerability in npm package total.js
CVE-2019-9154 Vulnerability in maven package org.webjars.npm:openpgp
CVE-2023-50709 Vulnerability in npm package @cubejs-backend/api-gateway
CVE-2010-1622 Vulnerability in maven package org.springframework:spring