PT-2018-6254 · Github · Aegir

Published: 2018-06-07 · Updated: 2019-10-09 · CVE-2017-16225

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: aegir versions 12.0.0 through 12.0.7
Description: The issue concerns aegir, a module for automating JavaScript project management. Affected versions of aegir bundle the current user's GitHub token into the package and publish it to npm when aegir-release is executed. As a result, the GitHub token of the user who performed the aegir-release is disclosed.
Recommendations: Update to version 12.0.8 or later. If you used an affected version of this module to release your project, invalidate the GitHub tokens that were leaked.

Tags: Fix · Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-16225
GHSA-6XHF-X49C-M5M6

Affected Products

Aegir