0.003 Low
EPSS
Percentile
69.2%
Versions of whereis before 0.4.1 are vulnerable to command injection if untrusted user input is passed into whereis.
whereis
Update to version 0.4.1 or later.
github.com/advisories/GHSA-wjr4-2jgw-hmv8
github.com/vvo/node-whereis/commit/0f64e3780235004fb6e43bfd153ea3e0e210ee2b
hackerone.com/reports/319476
nvd.nist.gov/vuln/detail/CVE-2018-3772
www.npmjs.com/advisories/604