stream-combine is a malicious package that merged chronological time-based streams.
The code contains malicious functions design to steal credentials and credit card information by searching different forms of passwords, credit card numbers and CVC codes. Then, the information is being uploaded to a remote server using HTML links embedded in the page or form actions. Note: If your application has Content Security Policy set you are not affected by this issue.
Do your applications use this vulnerable package?
- Yeiniel Suarez Sosa
- Snyk ID
- 25 Jan, 2019
- 10 Feb, 2019