Description
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/541
Related Vulnerabilities
CVE-2020-28277 Vulnerability in maven package org.webjars.npm:dset
CVE-2016-9878 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2021-24033 Vulnerability in npm package react-dev-utils
CVE-2022-26049 Vulnerability in maven package com.diffplug.gradle:goomph
CVE-2018-7489 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind