PT-2020-21396 — Libubx Libubox

PT-2020-21396 · Libubx · Libubox

Published

2020-09-03

Updated

2020-09-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions libubx version 1.0.3

Description The issue concerns malicious code in version 1.0.3 of libubx. When executed in a browser, this code enumerates password, cvc, and cardnumber fields from forms and sends the extracted values to the endpoint "https://js-metrics.com/minjs.php?pl=".

Recommendations Remove the package from your environment and evaluate your application to determine whether or not user data was compromised. Consider downgrading to version 1.0.2.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

GHSA-M7XV-7P93-G6Q8

Affected Products

Libubox