Description
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/508
Related Vulnerabilities
CVE-2018-25031 Vulnerability in npm package swagger-ui-dist
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14
CVE-2020-2303 Vulnerability in maven package org.jenkins-ci.plugins:active-directory
CVE-2021-31409 Vulnerability in maven package com.vaadin:vaadin-compatibility-server
CVE-2018-8008 Vulnerability in maven package org.apache.storm:storm-core