Description
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/542
Related Vulnerabilities
CVE-2020-15174 Vulnerability in npm package electron
CVE-2023-26113 Vulnerability in npm package collection.js
CVE-2019-12043 Vulnerability in npm package remarkable
CVE-2021-22096 Vulnerability in maven package org.springframework:spring-core
CVE-2023-30529 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search