Name of the Vulnerable Software and Affected Versions tensorplow versions (affected versions not specified)

Description The issue concerns malicious code in the tensorplow package, which executes a preinstall script that calls home to a Command and Control server. This allows for the execution of arbitrary commands, potentially leading to full compromise of the computer. Secrets and keys stored on affected computers are at risk.

Recommendations Remove the tensorplow package, however, be aware that this may not remove all malicious software resulting from its installation. Consider the computer fully compromised and rotate all secrets and keys stored on it immediately from a different computer.