Description
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/513
Related Vulnerabilities
CVE-2017-7688 Vulnerability in maven package org.apache.openmeetings:openmeetings-core
CVE-2023-49486 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-29219 Vulnerability in npm package @chainsafe/lodestar
CVE-2020-10687 Vulnerability in maven package io.undertow:undertow-core
CVE-2022-41928 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui