25 matches found
Malicious Package
Overview Version 1.3.2 of geoheat contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evalua...
Malicious Package
Overview The getcookies module contained a backdoor that would allow for a remote attacker to execute arbitrary commands on the system running the malicious module. Recommendation This module should be uninstalled if found used within an application. In addition to removing the installed module,...
Malicious Package
Overview Version 1.0.2 of csstransformsupport contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found...
Malicious Package
Overview Version 1.7.5 of coffee-project contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.7.5 of this module is found...
Malicious Package
Overview Version 0.0.9 of angular-bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.9 of this module is found installe...