Description
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/541
Related Vulnerabilities
CVE-2014-10064 Vulnerability in maven package org.webjars.npm:qs
CVE-2020-2122 Vulnerability in maven package org.jenkins-ci.plugins:brakeman
CVE-2021-26275 Vulnerability in npm package eslint-fixer
CVE-2016-0762 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2015-8862 Vulnerability in maven package org.webjars.bower:mustache