GHSA-2vqq-jgxx-fxjc

Опубликовано: 11 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Malicious Package in motiv.scss

Version 0.4.20 of motiv.scss contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=

Recommendation

Remove the package from your environment and evaluate your application to determine whether or not user data was compromised.

Ссылки

https://www.npmjs.com/advisories/939

Пакеты

Наименование

motiv.scss

npm

Затронутые версииВерсия исправления

= 0.4.20

0.4.21

9.8 Critical

CVSS3

Дефекты

CWE-506

9.8 Critical

CVSS3

Дефекты

CWE-506