Description
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/543
Related Vulnerabilities
CVE-2014-3623 Vulnerability in maven package org.apache.cxf:cxf
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-cdc-mysql-processors
CVE-2021-23341 Vulnerability in maven package org.webjars.npm:prismjs
CVE-2023-30532 Vulnerability in maven package org.jenkinsci.plugins.spoonscript:spoonscript
CVE-2020-36048 Vulnerability in maven package org.webjars.bower:engine.io