Description
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/509
Related Vulnerabilities
CVE-2019-15478 Vulnerability in npm package status-board
CVE-2021-23337 Vulnerability in maven package org.fujion.webjars:lodash
CVE-2020-8910 Vulnerability in maven package org.webjars.npm:google-closure-library
CVE-2017-9802 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post
CVE-2019-1003039 Vulnerability in maven package org.jenkins-ci.plugins:appdynamics-dashboard