Description
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/540
Related Vulnerabilities
CVE-2019-10346 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status
CVE-2022-0198 Vulnerability in maven package edu.stanford.nlp:stanford-corenlp
CVE-2020-1748 Vulnerability in maven package org.wildfly.security:wildfly-elytron
CVE-2018-16478 Vulnerability in npm package simplehttpserver