CVE-2018-3772
Concatenating unsanitized user input in the whereis npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead.
9.8CVSS
9.4AI Score
0.003EPSS