2 matches found
CVE-2017-16080
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16080
CVE-2017-16080 relates to the npm package nodesass, identified as malware that steals environment variables and exfiltrates them to attacker-controlled locations. The npm registry has unpublished all versions of this package, mitigating ongoing use. Connected advisories (GHSA-xfmw-2vmm-579c, npm ...