Name of the Vulnerable Software and Affected Versions jekyll-for-github-projects version 0.2.12

Description The issue concerns malicious code in version 0.2.12 of jekyll-for-github-projects. When executed in a browser, this code enumerates password, cvc, and cardnumber fields from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations Remove the package from your environment and evaluate your application to determine whether or not user data was compromised. Downgrade to version 0.2.11 as a temporary workaround.