Description

cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Remediation

References

https://nodesecurity.io/advisories/520

Related Vulnerabilities

CVE-2022-0671 Vulnerability in maven package org.eclipse.lemminx:lemminx-parent

CVE-2023-43502 Vulnerability in maven package com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

CVE-2022-36915 Vulnerability in maven package org.jenkins-ci.plugins:android-signing

CVE-2019-10283 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration

CVE-2019-19040 Vulnerability in maven package org.kairosdb:kairosdb

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory