Malicious Package in coffee-project

Description

Version 1.7.5 of coffee-project contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=

Recommendation

No fix is available yet. Followings are affected versions:

• = 1.7.5

References

• GHSA-3fv6-q5xv-fhpw
• www.npmjs.com

Related Issues

• Malicious Package in leaflet-gpx - Vulnerability
• Malicious Package in ngx-pica - Vulnerability
• Malicious Package in angular-location-update - Vulnerability
• Malicious Package in vue-backbone - Vulnerability

Tags:

npm

coffee-project