Description
Affected versions of aegir bundle and publish the current user's GitHub token to npm when aegir-release is executed.
Recommendation
Update the aegir package to the latest compatible version. Version details:
- Affected version(s): >= 12.0.0, <= 12.0.7
- Patched version(s): 12.0.8
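To check whether a project resolves to one of the affected versions, the following added example (not part of the advisory or the aegir project) scans a parsed npm `package-lock.json` for aegir installs in the 12.0.0 to 12.0.7 range. The function names `isAffected` and `findAffectedAegir` and the sample lockfile are hypothetical and constructed for illustration.

```javascript
// Affected range from the advisory: >= 12.0.0, <= 12.0.7 (patched in 12.0.8).
const AFFECTED = { major: 12, minor: 0, patchMin: 0, patchMax: 7 };

// True for a version inside the affected range. Pre-release or build suffixes
// are judged on their numeric core, which errs toward flagging.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version || ''));
  if (!m) return false;
  const [major, minor, patch] = m.slice(1).map(Number);
  return major === AFFECTED.major && minor === AFFECTED.minor &&
    patch >= AFFECTED.patchMin && patch <= AFFECTED.patchMax;
}

// Walk a parsed package-lock.json and return every resolved aegir install in
// the affected range. Handles lockfileVersion 2/3 ("packages", keyed by path)
// and lockfileVersion 1 (nested "dependencies", keyed by name).
function findAffectedAegir(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split('node_modules/').pop();
    if (name === 'aegir' && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'aegir' && isAffected(meta.version) &&
          !hits.some((h) => h.path === path)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/aegir': { version: '12.0.6' },
    'node_modules/tool/node_modules/aegir': { version: '12.0.8' },
  },
  dependencies: { aegir: { version: '12.0.6' } },
};
console.log(findAffectedAegir(sampleLock));
```

To scan a real project, pass the result of `JSON.parse` on its `package-lock.json` to `findAffectedAegir`; an empty array means no affected aegir version is pinned.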
Last updated on January 09, 2023


