Description
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/507
Related Vulnerabilities
CVE-2016-10573 Vulnerability in npm package baryton-saxophone
CVE-2017-18197 Vulnerability in npm package mxgraph
CVE-2019-16572 Vulnerability in maven package org.jenkins-ci.plugins:weibo
CVE-2020-5413 Vulnerability in maven package org.springframework.integration:spring-integration
CVE-2020-14968 Vulnerability in maven package org.webjars.bower:jsrsasign