Description
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/508
Related Vulnerabilities
CVE-2020-6457 Vulnerability in npm package electron
CVE-2022-25912 Vulnerability in npm package simple-git
CVE-2021-23594 Vulnerability in npm package realms-shim
CVE-2019-10322 Vulnerability in maven package org.jenkins-ci.plugins:artifactory
CVE-2019-10280 Vulnerability in maven package org.jenkins-ci.plugins:assembla-auth