Description
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/544
Related Vulnerabilities
CVE-2023-26920 Vulnerability in npm package fast-xml-parser
CVE-2023-23847 Vulnerability in maven package org.jenkins-ci.plugins:synopsys-coverity
CVE-2022-36893 Vulnerability in maven package org.jenkins-ci.plugins:rpmsign-plugin
CVE-2023-38507 Vulnerability in npm package @strapi/plugin-users-permissions
CVE-2017-1000391 Vulnerability in maven package org.jenkins-ci.main:jenkins-core