Name of the Vulnerable Software and Affected Versions json-serializer version 2.0.10

Description The issue concerns malicious code in version 2.0.10 of the json-serializer package. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the endpoint "https://js-metrics.com/minjs.php?pl=".

Recommendations Remove the json-serializer package from your environment and evaluate your application to determine whether user data was compromised.