Description
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/485
Related Vulnerabilities
CVE-2018-16460 Vulnerability in npm package ps
CVE-2016-6345 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-2176 Vulnerability in maven package it.infuse.jenkins:usemango-runner
CVE-2018-16492 Vulnerability in maven package org.webjars.npm:extend