Description
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
Remediation
References
https://nodesecurity.io/advisories/481
Related Vulnerabilities
CVE-2023-42794 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2021-23702 Vulnerability in npm package object-extend
CVE-2020-28500 Vulnerability in maven package org.webjars.npm:lodash
CVE-2017-20162 Vulnerability in maven package org.webjars.npm:ms
CVE-2019-14837 Vulnerability in maven package org.keycloak:keycloak-services