Name of the Vulnerable Software and Affected Versions @impala/bmap version 1.0.3

Description The issue concerns malicious code in version 1.0.3 of the @impala/bmap module. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations If version 1.0.3 of @impala/bmap is found installed, replace it with a version before or after 1.0.3. Additionally, evaluate your application to determine whether user data was compromised.