Description
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/517
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap
CVE-2020-35210 Vulnerability in maven package io.atomix:atomix
CVE-2023-30524 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2018-1000613 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on
CVE-2021-26117 Vulnerability in maven package org.apache.activemq:artemis-server