CVE-2020-11059

CRITICAL9.6EPSS 0.37%

Exposure of Sensitive Information to an Unauthorized Actor in AEgir

Published: 5/27/2020Modified: 3/13/2026

Description

### Impact `aegir publish` and `aegir build` may leak secrets from environmental variables in the browser bundle published to npm. ### Patches The code has been patched, users should upgrade to >= 21.10.1 ### Workarounds Run `printenv` to check your environment variables and revoke any secrets. ### For more information If you have any questions or comments about this advisory: * Open an issue in [aegir](https://github.com/ipfs/aegir)

Affected packages (1)

npm/aegir>= 21.7.0, < 21.10.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-11059
PATCHhttps://github.com/ipfs/aegir
WEBhttps://github.com/ipfs/aegir/commit/e36e1def57b2dc1e4b7a5beba964c5924e87f8d8
WEBhttps://github.com/ipfs/aegir/security/advisories/GHSA-qfcv-5whw-7pcw