Description
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/540
Related Vulnerabilities
CVE-2023-31826 Vulnerability in maven package org.skyscreamer:nevado-jms
CVE-2020-7777 Vulnerability in npm package jsen
CVE-2015-8851 Vulnerability in maven package org.webjars:node-uuid
CVE-2018-17145 Vulnerability in npm package bcoin
CVE-2019-16763 Vulnerability in maven package org.webjars.npm:pannellum