npm

Severity: high

GitHub Token Leak

aegir

Overview

Affected versions of aegir bundle and publish the current user's GitHub token to npm when aegir-release is executed.

Remediation

Update to version 12.0.8 or later.

If you used this module to do a release for your project, you should invalidate the GitHub tokens that were leaked.
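
To help decide which tokens to invalidate, the tarballs already published for your project can be checked for token-shaped strings. The script below is an added example, not code from aegir or from this advisory: the function names, the sample file name and the sample token are constructed for illustration, and the patterns are the publicly documented GitHub token formats.

```javascript
const zlib = require('zlib');
// Token shapes: prefixed tokens (ghp_, gho_, ghu_, ghs_, ghr_), fine-grained
// PATs (github_pat_), and the bare 40-hex format GitHub issued in 2017.
const TOKEN_PATTERNS = [
  /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g,
  /\bgithub_pat_[A-Za-z0-9_]{22,}\b/g,
  /\b[0-9a-f]{40}\b/g, // also matches git SHA-1s, so review each hit
];

// Walk the 512-byte tar records and yield { name, data } for regular files.
// Simplification: ustar prefix and PAX long-name records are not resolved.
function* tarEntries(tar) {
  for (let off = 0; off + 512 <= tar.length;) {
    const h = tar.subarray(off, off + 512);
    if (h.every((b) => b === 0)) break; // end-of-archive marker
    const name = h.subarray(0, 100).toString('utf8').replace(/\0.*$/s, '');
    const size = parseInt(h.subarray(124, 136).toString('ascii').replace(/[\0 ]/g, ''), 8) || 0;
    if (h[156] === 0x30 || h[156] === 0) yield { name, data: tar.subarray(off + 512, off + 512 + size) };
    off += 512 + Math.ceil(size / 512) * 512;
  }
}

// Return [{ file, token }] with each token redacted to its first 8 characters.
function scanTarball(tgz) {
  const findings = [];
  for (const { name, data } of tarEntries(zlib.gunzipSync(tgz))) {
    const text = data.toString('latin1');
    for (const re of TOKEN_PATTERNS) {
      for (const m of text.matchAll(re)) findings.push({ file: name, token: m[0].slice(0, 8) + '...' });
    }
  }
  return findings;
}

// Build a small constructed .tgz so the scanner can be exercised offline.
function makeTgz(files) {
  const blocks = [];
  for (const [name, body] of Object.entries(files)) {
    const h = Buffer.alloc(512);
    h.write(name, 0);
    h.write(Buffer.byteLength(body).toString(8).padStart(11, '0'), 124);
    h.write('0', 156);
    const data = Buffer.alloc(Math.ceil(Buffer.byteLength(body) / 512) * 512);
    data.write(body);
    blocks.push(h, data);
  }
  return zlib.gzipSync(Buffer.concat([...blocks, Buffer.alloc(1024)]));
}
const SAMPLE = makeTgz({ 'package/dist/index.js': 'var t="0123456789abcdef0123456789abcdef01234567";' }); // constructed
```

For a real release, pass the bytes of the .tgz for each version you published to scanTarball and treat any token it reports as compromised.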


Advisory timeline

  1. published: Advisory published, Oct 13th, 2017
  2. reported: Initial report by David Dias, Oct 12th, 2017