Affected script: "install-scripts:preinstall"
The script uses curl to send the contents of the '/etc/passwd' file to a remote server. The $(hostname) command substitution inserts the system's hostname into the URL, producing a domain that likely belongs to an attacker. This can leak the user account information stored in '/etc/passwd', which is a sensitive file. The URL suggests the use of a domain generation algorithm or a subdomain for exfiltration, as typically seen in command and control (C2) infrastructure or in data exfiltration during a security breach. This is a serious security vulnerability, as it could lead to information disclosure and potentially be part of a larger attack.
@atea/common-design-components's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.