Name of the Vulnerable Software and Affected Versions require-ports version 10.4.0

Description The issue concerns a malicious package designed to exploit users who incorrectly type the name of a module to install. When installed, it downloads a file from a remote server, executes it, and opens a backdoor, fully compromising the computer. All secrets and keys stored on the compromised computer should be rotated immediately from a different computer.

Recommendations For version 10.4.0, remove the package, but be aware that this may not remove all malicious software resulting from its installation. Consider the computer fully compromised and take necessary steps to secure it, including rotating all secrets and keys from a different computer.