Description
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/501
Related Vulnerabilities
CVE-2018-3713 Vulnerability in npm package angular-http-server
CVE-2021-21633 Vulnerability in maven package org.jenkins-ci.plugins:dependency-track
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_3
CVE-2022-36889 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework