Description
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/509
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap-sass
CVE-2018-10054 Vulnerability in maven package com.h2database:h2
CVE-2021-21304 Vulnerability in npm package dynamoose
CVE-2020-2166 Vulnerability in maven package de.taimos:pipeline-aws
CVE-2021-45456 Vulnerability in maven package org.apache.kylin:kylin-server-base