Description
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/500
Related Vulnerabilities
CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j-core
CVE-2015-0227 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom
CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents.client5:httpclient5
CVE-2015-0226 Vulnerability in maven package org.apache.ws.security:wss4j
CVE-2022-41236 Vulnerability in maven package org.jenkins-ci.plugins:security-inspector