Name of the Vulnerable Software and Affected Versions react-datepicker-plus versions 2.4.3 through 2.4.2

Description The issue concerns malicious code in the affected versions of react-datepicker-plus. When executed in a browser, this code enumerates password, cvc, and cardnumber fields from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations For react-datepicker-plus versions 2.4.3 and 2.4.2, remove the package from your environment and evaluate your application to determine whether user data was compromised.