44 matches found
Malicious code in @posthog/rrweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7ff62f7afccd552b5eff3833fa122ace1a2f8ef6447e4b372673896063098f The package @posthog/rrweb was found to contain malicious code. Source: ghsa-malware 8278c73c0fa29817d8923864303d2e24c5a7bd038a9f8a2cae587329a3837cab...
MAL-2025-190673 Malicious code in @posthog/rrweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7ff62f7afccd552b5eff3833fa122ace1a2f8ef6447e4b372673896063098f The package @posthog/rrweb was found to contain malicious code. Source: ghsa-malware 8278c73c0fa29817d8923864303d2e24c5a7bd038a9f8a2cae587329a3837cab...
Information Exposure
rrweb is vulnerable to information exposure. The vulnerability exists due to the password html input being set to to type="text" via the show password button, which can result in password exposure...
html inputs of type password recorded in plaintext when converted to text inputs
Impact Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs. A customer may assume that switching to type="text"...