Описание
Malicious Package in device-mqtt
Version 1.0.11 of device-mqtt contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation
Remove the package from your environment. It's also recommended to evaluate your application to determine whether or not user data was compromised.
Users may consider downgrading to version 1.0.10
Пакеты
Наименование
device-mqtt
npm
Затронутые версииВерсия исправления
= 1.0.11
Отсутствует