CVE-2017-16225

EPSS 0.30%

Github Token Leak in aegir

Published: 7/24/2018Modified: 11/8/2023

Description

Affected versions of `aegir` bundle and publish the current users github token to npm when `aegir-release` is executed. ## Recommendation Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked.

Affected packages (1)

npm/aegir>= 12.0.0, < 12.0.8

References (3)

ADVISORYhttps://github.com/advisories/GHSA-6xhf-x49c-m5m6
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-16225
WEBhttps://www.npmjs.com/advisories/546