CVE-2020-11059

In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:aegir_project:aegir:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 04:56

Type Values Removed Values Added
References () https://github.com/ipfs/aegir/security/advisories/GHSA-qfcv-5whw-7pcw - Third Party Advisory () https://github.com/ipfs/aegir/security/advisories/GHSA-qfcv-5whw-7pcw - Third Party Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 9.6

Information

Published : 2020-05-27 21:15

Updated : 2024-11-21 04:56


NVD link : CVE-2020-11059

Mitre link : CVE-2020-11059

CVE.ORG link : CVE-2020-11059


JSON object : View

Products Affected

aegir_project

  • aegir
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor