OSVDB-108593: Command injection vulnerability
The file /lib/kompanee-recipes/heroku.rb does not properly escape user-controlled input for the 'password', 'user', 'deploy_name', and 'application' variables before it is interpolated into a shell command. A remote attacker who can place shell metacharacters in any of these values may be able to execute arbitrary commands.
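The following is an added illustration of the bug class described above, not code from kompanee-recipes: a deploy helper that interpolates a user-supplied password straight into a command line, beside two hardened forms (Shellwords.escape on every value, and an argv array that never touches a shell). The command shape, the `SAMPLE_*` values and the helper names are constructed for the example.

```ruby
require 'shellwords'

# Constructed sample values (not from the advisory); the password carries
# shell metacharacters so the difference between the builders is visible.
SAMPLE_USER     = 'deployer'
SAMPLE_PASSWORD = 's3cret; touch /tmp/marker'
SAMPLE_APP      = 'example-app'

# Characters /bin/sh interprets; a value containing any of them must never
# be interpolated unescaped into a command string. Useful as a pre-flight
# check or a log-time detector for values coming from configuration or users.
SHELL_METACHARS = /[;&|`$()<>\\"'\s*?\[\]{}~!#]/

def shell_metachars?(value)
  !!(value =~ SHELL_METACHARS)
end

# Vulnerable pattern (hypothetical reconstruction of the bug class, not the
# gem's code): raw interpolation, so "; touch ..." becomes a second command
# when the string is handed to `sh -c`.
def vulnerable_command(user, password, app)
  "echo #{password} | heroku login --user #{user} --app #{app}"
end

# Hardened: every interpolated value is wrapped by Shellwords.escape, so the
# shell sees exactly one word per value and the metacharacters stay literal.
def escaped_command(user, password, app)
  "echo #{Shellwords.escape(password)} | heroku login " \
    "--user #{Shellwords.escape(user)} --app #{Shellwords.escape(app)}"
end

# Preferred: no shell at all. Return an argv array for Kernel#system(*argv)
# or Open3.capture2(*argv); each element is one argument whatever it contains.
def heroku_argv(user, app)
  ['heroku', 'login', '--user', user, '--app', app]
end

if __FILE__ == $0
  puts "metachars in password? #{shell_metachars?(SAMPLE_PASSWORD)}"
  puts vulnerable_command(SAMPLE_USER, SAMPLE_PASSWORD, SAMPLE_APP)
  puts escaped_command(SAMPLE_USER, SAMPLE_PASSWORD, SAMPLE_APP)
  p heroku_argv(SAMPLE_USER, SAMPLE_APP)
end
```

Shellwords.split applied to the escaped command returns the password as a single token again, which is the property a reviewer wants to check; the argv form is still the better fix because it removes the shell parser from the path entirely.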