Vuln ID: CVE-2020-28432
Published: 2021-02-23 16:15:12Z
Description: All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require("theme-core"); a.utils.sh("touch JHU")
Source: NVD.NIST.GOV