Description
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/498
Related Vulnerabilities
CVE-2013-2135 Vulnerability in maven package com.opensymphony:xwork-core
CVE-2022-0086 Vulnerability in npm package uppy
CVE-2017-7683 Vulnerability in maven package org.apache.openmeetings:openmeetings-server
CVE-2022-25354 Vulnerability in npm package set-in
CVE-2021-27906 Vulnerability in maven package org.apache.pdfbox:pdfbox