Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.


GitHub Token Leak in aegir

Affected versions of aegir bundle and publish the current user's GitHub token to npm when aegir-release is executed.

Recommendation

Update to version 12.0.8 or later.

If you used this module to do a release for your project, you should invalidate the GitHub tokens that were leaked.

Permalink: https://github.com/advisories/GHSA-6xhf-x49c-m5m6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4aGYteDQ5Yy1tNW02
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 6 years ago
Updated: over 1 year ago


Identifiers: GHSA-6xhf-x49c-m5m6, CVE-2017-16225
Blast Radius: 0.0

Affected Packages

npm:aegir
Dependent packages: 763
Dependent repositories: 803
Downloads: 15,712 last month
Affected Version Ranges: >= 12.0.0, <= 12.0.7
Fixed in: 12.0.8
All affected versions: 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.2.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0, 6.0.1, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.1.2, 9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.2.1, 9.2.2, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 10.0.0, 11.0.0, 11.0.1, 11.0.2, 12.0.8, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.2.0, 12.3.0, 12.4.0, 13.0.0, 13.0.1, 13.0.5, 13.0.6, 13.0.7, 13.1.0, 14.0.0, 15.0.0, 15.0.1, 15.1.0, 15.2.0, 15.3.0, 15.3.1, 17.0.0, 17.0.1, 17.1.0, 17.1.1, 18.0.0, 18.0.1, 18.0.2, 18.0.3, 18.1.0, 18.1.1, 18.2.0, 18.2.1, 18.2.2, 19.0.0, 19.0.3, 19.0.4, 19.0.5, 20.0.0, 20.1.0, 20.2.0, 20.3.0, 20.3.1, 20.3.2, 20.4.0, 20.4.1, 20.5.0, 20.5.1, 20.6.0, 20.6.1, 21.0.0, 21.0.1, 21.0.2, 21.1.0, 21.2.0, 21.3.0, 21.3.2, 21.3.3, 21.4.0, 21.4.1, 21.4.2, 21.4.3, 21.4.4, 21.4.5, 21.5.0, 21.5.1, 21.6.0, 21.7.0, 21.8.0, 21.8.1, 21.9.0, 21.9.1, 21.9.2, 21.10.0, 21.10.1, 21.10.2, 22.0.0, 22.1.0, 23.0.0, 24.0.0, 25.0.0, 25.1.0, 26.0.0, 27.0.0, 28.0.0, 28.0.1, 28.0.2, 28.1.0, 28.2.0, 29.0.0, 29.0.1, 29.1.0, 29.2.0, 29.2.1, 29.2.2, 30.0.1, 30.1.0, 30.2.0, 30.3.0, 31.0.0, 31.0.1, 31.0.3, 31.0.4, 32.0.0, 32.0.1, 32.0.2, 32.1.0, 32.2.0, 33.0.0, 33.1.0, 33.1.1, 33.1.2, 33.2.0, 33.2.1, 33.2.2, 33.2.3, 33.2.4, 34.0.0, 34.0.1, 34.0.2, 34.0.3, 34.1.0, 35.0.0, 35.0.1, 35.0.2, 35.0.3, 35.0.4, 35.1.0, 35.1.1, 35.2.0, 35.2.1, 36.0.0, 36.0.1, 36.0.2, 36.1.0, 36.1.1, 36.1.2, 36.1.3, 36.2.0, 36.2.1, 36.2.2, 36.2.3, 37.0.0, 37.0.1, 37.0.2, 37.0.3, 37.0.4, 37.0.5, 37.0.6, 37.0.7, 37.0.8, 37.0.9, 37.0.10, 37.0.11, 37.0.12, 37.0.13, 37.0.14, 37.0.15, 37.0.16, 37.0.17, 37.1.0, 37.1.1, 37.2.0, 37.2.1, 37.3.0, 37.3.1, 37.4.0, 37.4.1, 37.4.2, 37.4.3, 37.4.4, 37.4.5, 37.4.6, 37.4.7, 37.4.8, 37.5.0, 37.5.1, 37.5.2, 37.5.3, 37.5.4, 37.5.5, 37.5.6, 37.5.7, 37.6.0, 37.6.1, 37.6.2, 37.6.3, 37.6.4, 37.6.5, 37.6.6, 37.6.7, 37.7.0, 37.7.1, 37.7.2, 37.7.3, 37.7.4, 37.7.5, 37.7.6, 37.7.7, 37.7.8, 37.7.9, 37.7.10, 37.7.11, 37.8.0, 37.9.0, 
37.9.1, 37.9.2, 37.10.0, 37.10.1, 37.11.0, 37.12.0, 37.12.1, 38.0.0, 38.1.0, 38.1.1, 38.1.2, 38.1.3, 38.1.4, 38.1.5, 38.1.6, 38.1.7, 38.1.8, 39.0.0, 39.0.1, 39.0.2, 39.0.3, 39.0.4, 39.0.5, 39.0.6, 39.0.7, 39.0.8, 39.0.9, 39.0.10, 39.0.11, 39.0.12, 39.0.13, 40.0.0, 40.0.1, 40.0.2, 40.0.3, 40.0.4, 40.0.5, 40.0.6, 40.0.7, 40.0.8, 40.0.9, 40.0.10, 40.0.11, 40.0.12, 40.0.13, 41.0.0, 41.0.1, 41.0.2, 41.0.3, 41.0.4, 41.0.5, 41.0.6, 41.0.7, 41.0.8, 41.0.9, 41.0.10, 41.0.11, 41.0.12, 41.0.13, 41.0.14, 41.0.15, 41.0.16, 41.1.0, 41.1.1, 41.1.2, 41.1.3, 41.1.4, 41.1.5, 41.1.6, 41.1.7, 41.1.8, 41.1.9, 41.1.10, 41.1.11, 41.1.12, 41.1.13, 41.1.14, 41.2.0, 41.3.0, 41.3.1, 41.3.2, 41.3.3, 41.3.4, 41.3.5, 42.0.0, 42.0.1, 42.1.0, 42.1.1, 42.1.2, 42.1.3, 42.2.0, 42.2.1, 42.2.2, 42.2.3, 42.2.4, 42.2.5, 42.2.6, 42.2.7