Description
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/498
Related Vulnerabilities
CVE-2020-19676 Vulnerability in maven package com.alibaba.nacos:nacos-api
CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2021-21317 Vulnerability in npm package uap-core
CVE-2021-25946 Vulnerability in npm package nconf-toml
CVE-2020-10672 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind