Name of the Vulnerable Software and Affected Versions colro-name version 9.0.0

Description The issue concerns malicious code in the preinstall script of the affected version, which downloads a file from a remote server, executes it, and opens a backdoor. This allows for potential full compromise of the computer.

Recommendations For version 9.0.0, consider the computer fully compromised and rotate all secrets and keys stored on it immediately from a different computer. Remove the package, but be aware that this may not eliminate all malicious software resulting from its installation.