Description
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/540
Related Vulnerabilities
CVE-2020-7632 Vulnerability in npm package node-mpv
CVE-2022-4725 Vulnerability in maven package com.amazonaws:aws-android-sdk-core
CVE-2022-36077 Vulnerability in npm package electron
CVE-2022-31367 Vulnerability in npm package strapi-plugin-content-type-builder
CVE-2021-32850 Vulnerability in npm package @claviska/jquery-minicolors