Description
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/541
Related Vulnerabilities
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee9:jetty-ee9-servlets
CVE-2019-1003054 Vulnerability in maven package info.bluefloyd.jenkins:jenkins-jira-issue-updater
CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.layui:layui
CVE-2021-39176 Vulnerability in npm package detect-character-encoding
CVE-2019-18212 Vulnerability in maven package org.lsp4xml:lsp4xml-extensions