Description
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/507
Related Vulnerabilities
CVE-2020-2198 Vulnerability in maven package hudson.plugins:project-inheritance
CVE-2018-1257 Vulnerability in maven package org.springframework:spring-messaging
CVE-2019-9843 Vulnerability in maven package com.diffplug.spotless:spotless-plugin-gradle
CVE-2021-21388 Vulnerability in npm package systeminformation
CVE-2023-42794 Vulnerability in maven package org.apache.tomcat:tomcat-catalina