CVE-2020-28432

Name of the Vulnerable Software and Affected Versions: theme-core versions (affected versions not specified)

Description: The issue concerns command injection via the lib/utils.js file in the theme-core package. This file is required by the main entry of the package. Technical details include the use of the sh function within the utils module, which can be exploited. For example, an exploit could involve requiring the theme-core package and then using the utils.sh function to execute system commands, such as creating a file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.