Name of the Vulnerable Software and Affected Versions rpc-websocket versions 0.7.6 and later

Description The issue concerns malicious code in the rpc-websocket package that opens a backdoor to a remote server, allowing the execution of arbitrary commands. This effectively turns the package into a backdoor, compromising the security of the system.

Recommendations For rpc-websocket versions 0.7.6 and later, remove the package immediately. However, due to the potential for full system compromise, simply removing the package may not eliminate all malicious software. It is crucial to consider any computer with these versions installed as fully compromised. Rotate all secrets and keys stored on the compromised computer from a different, secure computer to prevent further unauthorized access.