Name of the Vulnerable Software and Affected Versions ember cli babe version 6.16.0

Description The issue concerns malicious code in the ember cli babe package, designed to exploit typographical errors when installing modules. Upon installation, it downloads and executes a file from a remote server, creating a backdoor. This results in the computer being fully compromised, with all stored secrets and keys at risk.

Recommendations For version 6.16.0, remove the package immediately, but be aware that this may not eliminate all malicious software resulting from its installation. Additionally, rotate all secrets and keys stored on the compromised computer from a different, secure computer to prevent further unauthorized access.