Description
`fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/487
Related Vulnerabilities
CVE-2017-15701 Vulnerability in maven package org.apache.qpid:qpid-broker
CVE-2019-19771 Vulnerability in npm package bitcroe-lib
CVE-2017-1000421 Vulnerability in maven package org.webjars:gifsicle
CVE-2020-7598 Vulnerability in maven package org.webjars.npm:minimist
CVE-2017-12962 Vulnerability in maven package org.webjars.npm:node-sass