3 matches found
browsertime (>=0.8.1 <=0.8.6), cssnow (=2.0.0) +4 more potentially affected by CVE-2018-3772 via whereis (>=0.2.1 <=0.4.0)
whereis NPM version =0.2.1, =0.8.1, =2.1.2, =0.0.1, =2.42.0-2.9.0, =3.0.0-alpha, =3.0.0-alpha-8 Source cves: CVE-2018-3772 Source advisory: OSV:GHSA-WJR4-2JGW-HMV8...
CVE-2018-3772
Concatenating unsanitized user input in the whereis npm module 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead...
CVE-2018-3772
Concatenating unsanitized user input in the whereis npm module 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead...