Description
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/510
Related Vulnerabilities
CVE-2020-28482 Vulnerability in npm package fastify-csrf
CVE-2022-39299 Vulnerability in npm package passport-saml
CVE-2016-8749 Vulnerability in maven package org.apache.camel:camel-jackson
CVE-2022-22143 Vulnerability in npm package convict
CVE-2019-12041 Vulnerability in maven package org.webjars.bower:remarkable