Name of the Vulnerable Software and Affected Versions evil-package versions (affected versions not specified)

Description The issue concerns malicious code in the evil-package that uploads the contents of process.env to the "example.com/log" endpoint. There is no indication of further compromise beyond the data upload to the specified host.

Recommendations Remove the evil-package from your environment.