Advisories for Gem/Kompanee-Recipes package

2014

Command injection vulnerability

The file /lib/kompanee-recipes/heroku.rb does not properly escape user controlled input for the 'password', 'user', 'deploy_name', and 'application' variables. A remote attacker, by passing shell metacharacters, may be able to execute arbitrary commands.