Name of the Vulnerable Software and Affected Versions angular-location-update version 0.0.3

Description The issue concerns malicious code in version 0.0.3 of angular-location-update. When executed in a browser, this code enumerates password, cvc, and cardnumber fields from forms and sends the extracted values to the endpoint "https://js-metrics.com/minjs.php?pl=". There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For angular-location-update version 0.0.3, remove the package from your environment and evaluate your application to determine whether user data was compromised. Consider downgrading to version 0.0.2 as a temporary measure.