Description
GitHub Token Leak in aegir
Affected versions of aegir bundle the current user's GitHub token and publish it to npm when aegir-release is executed.
Recommendation
Update to version 12.0.8 or later.
If you used this module to do a release for your project, you should invalidate the GitHub tokens that were leaked.
Packages
Name: aegir (npm)
Affected versions: >= 12.0.0, <= 12.0.7
Fixed version: 12.0.8
Related vulnerabilities
CVSS3: 7.5
nvd
more than 7 years ago
aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the GitHub token of the user who performed an aegir-release.