logo

Database

Use of software with malware In pyramid-proportion

Description

Malicious Package in pyramid-proportion Version 1.0.5 of pyramid-proportion contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=

Recommendation

Remove the package from your environment. It's also recommended to evaluate your application to determine whether or not user data was compromised.

Users may consider a downgrade to version 1.0.4.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. GCVE-GHSA-v6vv-hhqc-6hh2

References

1. https://www.npmjs.com/advisories/1106

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.