Описание
Malicious Package in geoheat
Version 1.3.2 of geoheat contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation
Remove the package from your environment and evaluate your application to determine whether or not user data was compromised.
Users may consider downgrading to version 1.3.1
Пакеты
Наименование
geoheat
npm
Затронутые версииВерсия исправления
= 1.3.2
Отсутствует