CVE-2020-11059

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-11059

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11059.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11059

Aliases

GHSA-qfcv-5whw-7pcw

Related

GHSA-qfcv-5whw-7pcw

Published

2020-05-27T21:15:11.127Z

Modified

2026-03-13T22:00:29.739514Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.

References

https://github.com/ipfs/aegir/security/advisories/GHSA-qfcv-5whw-7pcw

Affected packages

Git / github.com/ipfs/aegir

Affected ranges

Type

GIT

Repo

https://github.com/ipfs/aegir

Events

Introduced

8b2498dbc5eac2f88cefd441f958c7560d2b4b4a

Fixed

fd55d7c0c9da2d33f3b0ccdf6472513f3a77266c

Database specific

{
    "versions": [
        {
            "introduced": "21.7.0"
        },
        {
            "fixed": "21.10.1"
        }
    ]
}

Affected versions

v21.*

v21.10.0

v21.7.0

v21.8.0

v21.8.1

v21.9.0

v21.9.1

v21.9.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11059.json"