Description
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/513
Related Vulnerabilities
CVE-2016-10526 Vulnerability in npm package grunt-gh-pages
CVE-2023-37942 Vulnerability in maven package org.jenkins-ci.plugins:external-monitor-job
CVE-2022-4350 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2019-10459 Vulnerability in maven package org.jenkins-ci.plugins:mattermost
CVE-2016-6809 Vulnerability in maven package org.apache.tika:tika-parsers