Description
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/544
Related Vulnerabilities
CVE-2019-10769 Vulnerability in maven package org.webjars.npm:safer-eval
CVE-2023-34612 Vulnerability in maven package com.helger.commons:ph-json
CVE-2018-12540 Vulnerability in maven package io.vertx:vertx-web
CVE-2021-23484 Vulnerability in npm package zip-local
CVE-2016-1000339 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on