Description
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/513
Related Vulnerabilities
CVE-2021-32828 Vulnerability in maven package org.nuxeo.ecm.platform:nuxeo-platform-oauth
CVE-2023-38690 Vulnerability in npm package matrix-appservice-irc
CVE-2020-28865 Vulnerability in maven package com.github.kfcfans:powerjob
CVE-2020-2213 Vulnerability in maven package org.jenkins-ci.plugins:whitesource
CVE-2023-41034 Vulnerability in maven package org.eclipse.leshan:leshan-core