Description
Affected versions of aegir bundle and publish the current users github token to npm when aegir-release is executed.
Recommendation
Update the aegir package to the latest compatible version. Followings are version details:
- Affected version(s): >= 12.0.0, <= 12.0.7
- Patched version(s): 12.0.8
References
Related Issues
- Regular Expression Denial of Service in debug - CVE-2017-16137
- Denial of Service in mqtt - mqtt - CVE-2017-10910
- Strapi may leak sensitive user information, user reset password, tokens via content-manager views - CVE-2023-36472
- liquidjs may leak properties of a prototype - CVE-2022-25948
You might also like:
- Tags:
- npm
- aegir
Anything's wrong? Let us know Last updated on January 09, 2023


