Description
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
Remediation
References
https://github.com/ipfs/aegir/security/advisories/GHSA-qfcv-5whw-7pcw
Related Vulnerabilities
CVE-2018-9159 Vulnerability in maven package com.sparkjava:spark-core
CVE-2019-10370 Vulnerability in maven package org.jenkins-ci.plugins:mask-passwords
CVE-2020-2211 Vulnerability in maven package com.elasticbox.jenkins-ci.plugins:kubernetes-ci
CVE-2006-1547 Vulnerability in maven package struts:struts
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12