Description
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/540
Related Vulnerabilities
CVE-2020-27216 Vulnerability in maven package org.mortbay.jetty:jetty
CVE-2022-29078 Vulnerability in maven package org.webjars.npm:ejs
CVE-2019-25103 Vulnerability in npm package simple-markdown
CVE-2018-13339 Vulnerability in npm package angular-redactor
CVE-2022-24613 Vulnerability in maven package com.drewnoakes:metadata-extractor