Malicious Package in jquery-airload

2020-09-03T19:11:17
ID GHSA-78P3-96HC-3J47
Type github
Reporter GitHub Advisory Database
Modified 2020-09-03T19:11:17

Description

Version 0.2.5 of jquery-airload contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=

Recommendation

Remove the package from your environment. It's also recommended to evaluate your application to determine whether or not user data was compromised.