Name of the Vulnerable Software and Affected Versions pyramid-proportion version 1.0.5

Description The issue concerns malicious code in version 1.0.5 of the pyramid-proportion package. When executed in a browser, this code enumerates sensitive fields such as password, cvc, and cardnumber from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations For version 1.0.5, remove the package from your environment and evaluate your application to determine if user data was compromised. Consider downgrading to version 1.0.4 as a temporary measure.