Description
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/520
Related Vulnerabilities
CVE-2019-10445 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine
CVE-2018-18950 Vulnerability in maven package org.webjars.bowergithub.kindsoft:kindeditor
CVE-2020-6459 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-37695 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4
CVE-2018-6874 Vulnerability in maven package org.webjars.npm:auth0-js