CVE-2020-28432 – All versions of package theme-core are vulnerable to Command Injection via the lib/utils.j …

Vuln ID: CVE-2020-28432

Published:  2021-02-23  16:15:12Z

Description: All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require("theme-core"); a.utils.sh("touch JHU")

Source: NVD.NIST.GOV