Description
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Affected products
- HackerOne / coffeescript node module1.0.1 – 1.0.1
References
- VENDOR_ADVISORYhttps://nodesecurity.io/advisories/543