Name of the Vulnerable Software and Affected Versions colour-string version 1.5.3

Description The issue concerns malicious code in the preinstall script of the affected software. This code downloads a file from a remote server, executes it, and opens a backdoor, potentially giving an outside entity full control of the computer.

Recommendations For version 1.5.3, consider the computer fully compromised and remove the package. However, removal may not eliminate all malicious software resulting from the installation. Rotate all secrets and keys stored on the compromised computer immediately from a different computer.