0.003 Low
EPSS
Percentile
69.2%
whereis is vulnerable to arbitrary code execution attacks. The application does not properly escape the filename, which is then concatenated to the exec() function, allowing a malicious user to inject and execute arbitrary code.
exec()
hackerone.com/reports/319476