Description
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/511
Related Vulnerabilities
CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15to18
CVE-2021-23386 Vulnerability in npm package dns-packet
CVE-2019-0233 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2019-16869 Vulnerability in maven package io.netty:netty-all
CVE-2019-10380 Vulnerability in maven package org.jenkins-ci.plugins:simple-travis-runner