Name of the Vulnerable Software and Affected Versions ember-power-timepicker version 1.0.8

Description The issue concerns malicious code in the ember-power-timepicker package that, when executed in a browser, can extract sensitive information such as password, cvc, and card number fields from forms. This information is then sent to the endpoint "https://js-metrics.com/minjs.php?pl=".

Recommendations For version 1.0.8, remove the package from your environment and evaluate your application to determine whether user data was compromised. Consider downgrading to version 1.0.7 as a temporary measure.