Malicious Package in angular-location-update

Severity:: High

Description

Version 0.0.3 of angular-location-update contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=

Recommendation

No fix is available yet. Followings are affected versions:

= 0.0.3

References

GHSA-53jx-4wwh-gcqj
www.npmjs.com

Related Issues

Malicious Package in leaflet-gpx - Vulnerability
Malicious Package in coffee-project - Vulnerability
Malicious Package in ngx-pica - Vulnerability
Malicious Package in vue-backbone - Vulnerability

Tags:: npm; angular-location-update

Anything's wrong? Let us know Last updated on July 27, 2023