Description
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Remediation
References
https://nodesecurity.io/advisories/540
Related Vulnerabilities
CVE-2022-21803 Vulnerability in maven package org.webjars.npm:nconf
CVE-2021-20085 Vulnerability in npm package backbone-query-parameters
CVE-2018-25031 Vulnerability in npm package swagger-ui
CVE-2018-11698 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2017-2650 Vulnerability in maven package cprice404:pipeline-classpath