Описание
Malicious Package in stream-combine
Version 2.0.2 of stream-combine has malicious code design to steal credentials and credit card information. The code searches all form elements for passwords, credit card numbers and CVC codes. It then uploads the information to a remote server using HTML links embedded in the page or form actions. If your application has Content Security Policy set you are not affected by this issue.
Recommendation
This package is not available on the npm Registry anymore. If you used this module and your application processed credentials or credit card information, it is possible that information was stolen.
Users may consider downgrading to version 2.0.1
Пакеты
Наименование
stream-combine
npm
Затронутые версииВерсия исправления
= 2.0.2
Отсутствует