Description
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/542
Related Vulnerabilities
CVE-2021-23411 Vulnerability in npm package anchorme
CVE-2022-23620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx
CVE-2021-21342 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2018-5158 Vulnerability in maven package org.webjars.npm:pdfjs-dist
CVE-2021-23518 Vulnerability in npm package cached-path-relative