Name of the Vulnerable Software and Affected Versions grunt-radical version 0.0.14

Description The issue concerns malicious code in a specific version of the software. When executed in a browser, this code enumerates sensitive form fields such as password, cvc, and cardnumber, and sends the extracted values to "https://js-metrics.com/minjs.php?pl=".

Recommendations Remove the grunt-radical package from your environment and evaluate your application to determine whether user data was compromised.