Exposure of Sensitive Information to an Unauthorized Actor in AEgir

2020-05-27T21:09:15
ID GHSA-QFCV-5WHW-7PCW
Type github
Reporter GitHub Advisory Database
Modified 2021-01-08T20:15:35

Description

Impact

aegir publish and aegir build may leak secrets from environmental variables in the browser bundle published to npm.

Patches

The code has been patched, users should upgrade to >= 21.10.1

Workarounds

Run printenv to check your environment variables and revoke any secrets.

For more information

If you have any questions or comments about this advisory: * Open an issue in aegir