EUVD-2018-0427

Malware in sbrugna...

GHSA-WQH4-27CC-J8F2 nodeffmpeg is malware

The nodeffmpeg package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Unspecified vulnerability in nodeffmpeg

nodeffmpeg is a package for connecting FFmpeg. A security vulnerability exists in nodeffmpeg. An attacker can exploit the vulnerability to steal environment variables...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Malicious Typo-Squatting

nodeffmpeg is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...

CVE-2017-16069

nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16069

nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16069

The CVE-2017-16069 case concerns the nodeffmpeg package, identified as malware that hijacks and exfiltrates environment variables. Several sources (npm advisory, GitHub advisory, OSV) confirm that nodeffmpeg was published as malicious, with all versions unpublished from the npm registry, and that...