Description
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
Remediation
References
https://nodesecurity.io/advisories/481
Related Vulnerabilities
CVE-2020-6427 Vulnerability in npm package electron
CVE-2021-41251 Vulnerability in npm package @sap-cloud-sdk/core
CVE-2022-25168 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2021-21641 Vulnerability in maven package org.jenkins-ci.plugins:promoted-builds
CVE-2020-26296 Vulnerability in maven package org.webjars.bowergithub.vega:vega