Description
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/519
Related Vulnerabilities
CVE-2017-16150 Vulnerability in npm package wangguojing123
CVE-2019-5448 Vulnerability in maven package org.webjars.npm:yarn
CVE-2017-3199 Vulnerability in maven package org.graniteds:granite-generator
CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2022-43403 Vulnerability in maven package org.jenkins-ci.plugins:script-security