Description
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/541
Related Vulnerabilities
CVE-2020-28461 Vulnerability in npm package js-ini
CVE-2020-8203 Vulnerability in maven package org.webjars.npm:lodash
CVE-2020-7727 Vulnerability in npm package gedi
CVE-2021-4278 Vulnerability in npm package tree-kit
CVE-2017-18214 Vulnerability in maven package org.webjars.bowergithub.moment:moment