CVE-2020-28432

CVE-2020-28432

All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require("theme-core"); a.utils.sh("touch JHU")

Source: CVE-2020-28432

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다