Описание
Malicious Package in scroool
Version 0.1.7 of scroool contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation
Remove the package from your environment and evaluate your application to determine whether or not user data was compromised.
Users may consider downgrading to version 0.1.6
Пакеты
Наименование
scroool
npm
Затронутые версииВерсия исправления
= 0.1.7
Отсутствует