3 matches found
CVE-2017-16225
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user that performed a aegir-release GitHub token...
CVE-2017-16225
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user that performed a aegir-release GitHub token...
CVE-2017-16225
The CVE-2017-16225 issue affects the aegir package (Node.js module for JS project automation). Affected versions 12.0.0–12.0.7 reportedly cause the a e g i r - r e l e a s e flow to publish the user’s GitHub token to npm. Root cause is leakage of credentials during release, leading to potential c...