Description
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/541
Related Vulnerabilities
CVE-2019-19919 Vulnerability in maven package org.webjars.bower:handlebars
CVE-2023-26049 Vulnerability in maven package org.eclipse.jetty:jetty-http
CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-storage-script-dev-server
CVE-2019-14653 Vulnerability in maven package org.webjars.bowergithub.pandao:editor.md
CVE-2019-18213 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.emmet