Description
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/513
Related Vulnerabilities
CVE-2019-1353 Vulnerability in npm package nodegit
CVE-2021-44585 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base
CVE-2023-38691 Vulnerability in npm package matrix-appservice-bridge
CVE-2019-17352 Vulnerability in maven package com.jfinal:jfinal
CVE-2019-10277 Vulnerability in maven package hudson.plugins:starteam