Описание
Malicious Package in libubx
Version 1.0.3 of libubx contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation
Remove the package from your environment and evaluate your application to determine whether or not user data was compromised.
Users may consider downgrading to version 1.0.2
Пакеты
Наименование
libubx
npm
Затронутые версииВерсия исправления
= 1.0.3
Отсутствует