Description
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/517
Related Vulnerabilities
CVE-2019-19771 Vulnerability in npm package bitconid-rpc
CVE-2021-29262 Vulnerability in maven package org.apache.solr:solr-core
CVE-2019-19771 Vulnerability in npm package coinstrig
CVE-2022-3171 Vulnerability in maven package com.google.protobuf:protobuf-kotlin-lite
CVE-2013-1965 Vulnerability in maven package org.apache.struts:struts2-showcase