CVE-2020-28432 – All versions of package theme-core are vulnerable to Command Injection via the lib/utils.j …

23 February 2021

Vuln ID: CVE-2020-28432

Published: 2021-02-23 16:15:12Z

Description: All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require("theme-core"); a.utils.sh("touch JHU")

Source: NVD.NIST.GOV

Date:

23 February 2021

Categorie(s):

NVD

Tag(s):

NVD

OpenAI’s GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities, Study Finds26 April 2024
Threat Modeling and Understanding Inherent Threats – Adam Shostack – ESW #35926 April 2024
Check Point delivers strong quarterly revenue growth but stock drops26 April 2024
Rubrik IPO signals potential cybersecurity-led tech market revival25 April 2024
Foreign states targeting sensitive research at UK universities, MI5 warns25 April 2024