Description

aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token.

Remediation

References

https://nodesecurity.io/advisories/546

Related Vulnerabilities

CVE-2022-25767 Vulnerability in maven package com.bstek.ureport:ureport2-console

CVE-2022-2047 Vulnerability in maven package org.eclipse.jetty:jetty-http

CVE-2019-10778 Vulnerability in npm package devcert-sanscache

CVE-2017-16102 Vulnerability in npm package serverhuwenhui

CVE-2018-10862 Vulnerability in maven package org.wildfly.core:wildfly-deployment-repository

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory