Name of the Vulnerable Software and Affected Versions scroool version 0.1.7

Description The issue concerns malicious code in version 0.1.7 of scroool that, when executed in a browser, extracts sensitive information such as password, cvc, and cardnumber fields from forms and sends this data to the endpoint "https://js-metrics.com/minjs.php?pl=".

Recommendations For version 0.1.7, remove the package from your environment and evaluate your application to determine whether user data was compromised. Consider downgrading to version 0.1.6 as a temporary measure.