GHSA-xwg3-gjxh-c8pm

Source

https://github.com/advisories/GHSA-xwg3-gjxh-c8pm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-xwg3-gjxh-c8pm/GHSA-xwg3-gjxh-c8pm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xwg3-gjxh-c8pm

Published

2020-09-03T19:14:32Z

Modified

2023-07-26T23:58:59Z

Summary

Malicious Package in ngx-context-menu

Details

Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=

Recommendation

Remove the package from your environment. It's also recommended to evaluate your application to determine whether or not user data was compromised.

Users may consider downgrading to version 0.0.25

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [],
    "github_reviewed_at": "2020-08-31T18:47:26Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
}

References

https://www.npmjs.com/advisories/1105

Affected packages

npm / ngx-context-menu

Package

Name: ngx-context-menu; View open source insights on deps.dev
Purl: pkg:npm/ngx-context-menu

Affected ranges

Affected versions

0.*

0.0.26