Description
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/511
Related Vulnerabilities
CVE-2020-8203 Vulnerability in npm package lodash
CVE-2022-0219 Vulnerability in maven package io.github.skylot:jadx-core
CVE-2019-1003083 Vulnerability in maven package org.jenkins-ci.plugins:gearman-plugin
CVE-2023-38507 Vulnerability in npm package @strapi/admin
CVE-2018-16469 Vulnerability in maven package org.webjars.npm:merge