Description
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/501
Related Vulnerabilities
CVE-2020-7009 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2016-5018 Vulnerability in maven package tomcat:jasper-runtime
CVE-2022-23620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx
CVE-2022-39299 Vulnerability in npm package @node-saml/node-saml
CVE-2022-31172 Vulnerability in npm package @openzeppelin/contracts