Description
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/508
Related Vulnerabilities
CVE-2019-19771 Vulnerability in npm package babel-laoder
CVE-2021-33623 Vulnerability in npm package trim-newlines
CVE-2021-22204 Vulnerability in npm package exiftool-vendored
CVE-2019-20174 Vulnerability in maven package org.webjars.npm:auth0-lock
CVE-2019-12043 Vulnerability in maven package org.webjars.bowergithub.jonschlinkert:remarkable