Description
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/510
Related Vulnerabilities
CVE-2019-3772 Vulnerability in maven package org.springframework.integration:spring-integration-ws
CVE-2018-11770 Vulnerability in maven package org.apache.spark:spark-core
CVE-2020-6464 Vulnerability in npm package electron
CVE-2017-3156 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-jose
CVE-2016-8738 Vulnerability in maven package org.apache.struts:struts2-core