logo

Database

Use of software with malware In blingjs

Description

Malicious Package in blingjs Version 0.0.4 of blingjs contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=

Recommendation

If version 0.0.4 of this module is found installed you will want to replace it with a version before or after 0.0.4. In addition to replacing the installed module, you will also want to evaluate your application to determine whether or not user data was compromised.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. GCVE-GHSA-hfc6-79wv-5hpw

References

1. https://www.npmjs.com/advisories/619

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.