Name of the Vulnerable Software and Affected Versions sj-tw-test-security versions (all versions)

Description The issue concerns malicious code within the software. This code downloads and runs a script, resulting in a reverse shell being opened in the system. Any computer with this package installed should be considered fully compromised, and all secrets and keys stored on it should be rotated immediately from a different computer.

Recommendations Remove the sj-tw-test-security package, however, be aware that this may not remove all malicious software resulting from its installation. As a precaution, consider the computer fully compromised and take necessary steps to secure it, such as rotating all secrets and keys stored on it from a different computer.