Description
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
Remediation
References
https://nodesecurity.io/advisories/481
Related Vulnerabilities
CVE-2023-30528 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth
CVE-2021-21685 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-43421 Vulnerability in maven package org.jenkins-ci.plugins:tuleap-git-branch-source
CVE-2021-26296 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project
CVE-2016-5004 Vulnerability in maven package org.apache.xmlrpc:xmlrpc