CVE-2017-16225

EPSS 0.30%

Github Token Leak in aegir

發布日:2018/7/24修改日:2023/11/8

描述

Affected versions of `aegir` bundle and publish the current users github token to npm when `aegir-release` is executed. ## Recommendation Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked.

受影響套件(1)

npm/aegir>= 12.0.0, < 12.0.8

參考連結(3)

ADVISORYhttps://github.com/advisories/GHSA-6xhf-x49c-m5m6
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-16225
WEBhttps://www.npmjs.com/advisories/546