CVE

CVE-2020-28432

CVE-2020-28432

All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require("theme-core"); a.utils.sh("touch JHU")

Source: CVE-2020-28432

Exit mobile version