Description
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/500
Related Vulnerabilities
CVE-2015-5208 Vulnerability in npm package cordova-ios
CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-spring2
CVE-2020-6463 Vulnerability in npm package electron
CVE-2019-16303 Vulnerability in npm package generator-jhipster-kotlin
CVE-2021-21346 Vulnerability in maven package com.thoughtworks.xstream:xstream