March 6, 2021

SpywareNews.com

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

CVE-2020-28432

All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require(“theme-core”); a.utils.sh(“touch JHU”)