Affected script: "install-scripts:preinstall"
This script collects sensitive information from the user's system such as package information, current directory, home directory, hostname, username, DNS servers, version number etc. and sends it to a remote server through an HTTPS request. This can lead to unauthorized access and disclosure of sensitive user information which is a security vulnerability.