RSS   Vulnerabilities for 'Theme-core'   RSS

2021-02-23
 
CVE-2020-28432

CWE-77
 

 
All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require("theme-core"); a.utils.sh("touch JHU")

 


Copyright 2024, cxsecurity.com

 

Back to Top