Description

tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Remediation

References

https://nodesecurity.io/advisories/500

Related Vulnerabilities

CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2015-0227 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom

CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents.client5:httpclient5

CVE-2015-0226 Vulnerability in maven package org.apache.ws.security:wss4j

CVE-2022-41236 Vulnerability in maven package org.jenkins-ci.plugins:security-inspector

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory