Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2MjctdzM3My0zNzV2

Malicious Package in grunt-radical

Version 0.0.14 of grunt-radical contained malicious code. When executed in the browser, the code would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=

Recommendation

Remove the package from your environment and evaluate your application to determine whether or not user data was compromised.
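
As a starting point for that evaluation, the following added example (not part of the advisory or of any project's code) searches a parsed package-lock.json for the affected version, covering both the nested "dependencies" tree of lockfileVersion 1 and the flat "packages" map of lockfileVersion 2 and 3. The function names and the sample lockfiles are constructed for illustration; only the package name and version come from the advisory.

```javascript
// Added example: find a flagged package version in a parsed package-lock.json.
// Package name and version come from the advisory; everything else is constructed.
const FLAGGED = { name: 'grunt-radical', version: '0.0.14' };

// lockfileVersion 2/3: flat "packages" map keyed by install path,
// e.g. "node_modules/a/node_modules/grunt-radical".
function scanPackages(packages, flagged) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const name = meta.name || path.split('node_modules/').pop();
    if (name === flagged.name && meta.version === flagged.version) hits.push(path);
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" tree keyed by package name.
function scanDependencies(deps, flagged, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const here = [...trail, name];
    if (name === flagged.name && meta.version === flagged.version) hits.push(here.join(' > '));
    hits.push(...scanDependencies(meta.dependencies, flagged, here));
  }
  return hits;
}

function findFlagged(lock, flagged = FLAGGED) {
  // v2 lockfiles carry both sections; prefer "packages" to avoid double reporting.
  return lock.packages
    ? scanPackages(lock.packages, flagged)
    : scanDependencies(lock.dependencies, flagged);
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'shop-frontend', version: '1.0.0' },
    'node_modules/grunt': { version: '1.6.1' },
    'node_modules/build-kit/node_modules/grunt-radical': { version: '0.0.14' },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    'grunt-radical': { version: '0.0.13' },
    'build-kit': { version: '2.0.0', dependencies: { 'grunt-radical': { version: '0.0.14' } } },
  },
};

console.log(findFlagged(sampleV3));
console.log(findFlagged(sampleV1));
```

To check a real project, pass the parsed contents of its package-lock.json to findFlagged. A hit shows where the affected version was installed, including transitive installs that a top-level package.json would not reveal.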

Permalink: https://github.com/advisories/GHSA-4627-w373-375v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2MjctdzM3My0zNzV2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 3 years ago
Updated: over 1 year ago


Identifiers: GHSA-4627-w373-375v
References:
Blast Radius: 0.0

Affected Packages

npm:grunt-radical
Dependent packages: 7
Dependent repositories: 7
Downloads: 15 last month
Affected Version Ranges: = 0.0.14
Fixed in: 0.0.13
All affected versions:
All unaffected versions: 0.0.6, 0.0.7, 0.0.8, 0.0.10, 0.0.11, 0.0.12, 0.0.13