Embedded Malicious Code
CVE-2017-16202
Summary
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-506 - Embedded Malicious Code
The application contains code that appears to be malicious in nature.
References
Advisory Timeline
- Published