Description
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/540
Related Vulnerabilities
CVE-2021-4279 Vulnerability in maven package org.webjars.bower:fast-json-patch
CVE-2019-10361 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release
CVE-2016-8609 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2020-14195 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2021-21331 Vulnerability in maven package com.datadoghq:datadog-api-client