Description
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/513
Related Vulnerabilities
CVE-2020-11612 Vulnerability in maven package io.netty:netty-codec
CVE-2020-10800 Vulnerability in npm package lix
CVE-2022-36908 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer
CVE-2020-8124 Vulnerability in maven package org.webjars.npm:url-parse
CVE-2022-22984 Vulnerability in npm package snyk-python-plugin