9.5 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.2%
Concatenating unsanitized user input in the whereis npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead.
whereis
which
hackerone.com/reports/319476