Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-16205 Vulnerability in npm package coffescript

Description

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

Remediation

References

https://nodesecurity.io/advisories/542

Related Vulnerabilities

CVE-2016-10620 Vulnerability in npm package atom-node-module-installer

CVE-2018-1000614 Vulnerability in maven package org.onosproject:onos-netconf-provider-alarm

CVE-2016-10661 Vulnerability in npm package phantomjs-cheniu

CVE-2019-9658 Vulnerability in maven package com.puppycrawl.tools:checkstyle

CVE-2018-6874 Vulnerability in maven package org.webjars.npm:auth0-lock

Severity

High

Classification

CWE-506 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory