Description
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/541
Related Vulnerabilities
CVE-2020-14966 Vulnerability in maven package org.webjars.bower:jsrsasign
CVE-2022-0155 Vulnerability in npm package follow-redirects
CVE-2022-41714 Vulnerability in npm package fastest-json-copy
CVE-2019-16562 Vulnerability in maven package org.jenkins-ci.plugins:buildgraph-view
CVE-2021-41183 Vulnerability in maven package org.webjars.bower:jquery-ui