ID: GHSA-CXCF-78MR-WPG7
Type: github
Reporter: GitHub Advisory Database
Modified: 2020-09-01T20:29:59
Description
Version 1.0.2 of oauth-validator contained malicious code. When executed in the browser, the code would enumerate the password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation
If version 1.0.2 of this module is found installed, replace it with a version before or after 1.0.2. In addition to replacing the installed module, evaluate your application to determine whether user data was compromised.
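One way to check whether version 1.0.2 is installed, including as a transitive dependency, is to search the project's package-lock.json. The following is an added example, not part of the advisory or of the package; the function name findBadInstalls, the sample lockfiles, and the names some-sdk and shop-frontend are constructed for illustration.

```javascript
// Added example: find oauth-validator 1.0.2 in a parsed package-lock.json.
// Covers the v1 nested "dependencies" tree and the v2/v3 flat "packages" map.
const BAD_NAME = "oauth-validator";
const BAD_VERSION = "1.0.2";

function findBadInstalls(lock) {
  const hits = new Set();
  // lockfileVersion 2/3: keys look like "node_modules/a/node_modules/b".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project, others are workspaces
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (name === BAD_NAME && meta.version === BAD_VERSION) hits.add(path);
  }
  // lockfileVersion 1 (also kept in v2 for compatibility): nested objects.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === BAD_NAME && meta.version === BAD_VERSION) hits.add(path);
      walk(meta.dependencies, `${path}/`); // transitive copies
    }
  };
  walk(lock.dependencies, "");
  return [...hits].sort(); // Set removes duplicates when both maps are present
}

// Constructed sample lockfiles (not from any real project).
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "some-sdk": { version: "3.1.0", dependencies: { "oauth-validator": { version: "1.0.2" } } },
    "oauth-validator": { version: "1.0.1" }, // unaffected top-level copy
  },
};
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "shop-frontend", version: "0.0.1" },
    "node_modules/oauth-validator": { version: "1.0.2" },
    "node_modules/some-sdk": { version: "3.1.0" },
  },
};

console.log(findBadInstalls(sampleV1), findBadInstalls(sampleV3));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json; a non-empty result lists every install path that needs replacing.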
{"id": "GHSA-CXCF-78MR-WPG7", "bulletinFamily": "software", "title": "Malicious Package in oauth-validator", "description": "Version 1.0.2 of `oauth-validator` contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to `https://js-metrics.com/minjs.php?pl=`\n\n\n\n## Recommendation\n\nIf version 1.0.2 of this module is found installed you will want to replace it with a version before or after 1.0.2. In addition to replacing the installed module, you will also want to evaluate your application to determine whether or not user data was compromised.", "published": "2020-09-01T20:29:59", "modified": "2020-09-01T20:29:59", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://github.com/advisories/GHSA-cxcf-78mr-wpg7", "reporter": "GitHub Advisory Database", "references": ["https://github.com/advisories/GHSA-cxcf-78mr-wpg7", "https://www.npmjs.com/advisories/632"], "cvelist": [], "type": "github", "lastseen": "2020-09-01T23:57:44", "edition": 1, "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-CXCF-78MR-WPG7"]}, {"type": "nodejs", "idList": ["NODEJS:632"]}], "modified": "2020-09-01T23:57:44", "rev": 2}, "score": {"value": 2.9, "vector": "NONE", "modified": "2020-09-01T23:57:44", "rev": 2}, "vulnersScore": 2.9}, "affectedSoftware": [{"name": "oauth-validator", "operator": "lt", "version": "1.0.1"}]}