CVE-2017-16071

Name of the Vulnerable Software and Affected Versions: nodemailer-js versions all

Description: The issue concerns a malicious module named nodemailer-js that was published with the intent to hijack environment variables, specifically designed to steal and send them to attacker-controlled locations. All versions of this module have been unpublished from the npm registry.

Recommendations: Delete the nodemailer-js package from your environment. Clear your npm cache to ensure no remnants of the package remain. Verify that nodemailer-js is not present in any other package.json files on your system to prevent reinstallation. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been exposed via environment variables. Review any services that may have been exposed via credentials in your environment variables, such as databases, for indicators of compromise.