Description
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/541
Related Vulnerabilities
CVE-2018-12418 Vulnerability in maven package com.github.junrar:junrar
CVE-2018-3719 Vulnerability in npm package mixin-deep
CVE-2015-8851 Vulnerability in maven package org.webjars:node-uuid
CVE-2021-26543 Vulnerability in npm package git-parse
CVE-2023-34614 Vulnerability in maven package cc.plural:jsonij