CVE-2018-3772

Published: 2018-07-30T18:29Z

Last Modified: 2024-11-21T04:06Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt