Description
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/543
Related Vulnerabilities
CVE-2020-7021 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-25878 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2021-23397 Vulnerability in npm package @ianwalter/merge
CVE-2023-36472 Vulnerability in npm package @strapi/admin
CVE-2017-16172 Vulnerability in npm package section2.madisonjbrooks12