CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-3772

Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://hackerone.com/reports/319476
https://hackerone.com/reports/319476

Products affected by CVE-2018-3772

Whereis Project » Whereis » Version: 0.0.1

cpe:2.3:a:whereis_project:whereis:0.0.1
Whereis Project » Whereis » Version: 0.0.2

cpe:2.3:a:whereis_project:whereis:0.0.2
Whereis Project » Whereis » Version: 0.2.0

cpe:2.3:a:whereis_project:whereis:0.2.0
Whereis Project » Whereis » Version: 0.2.1

cpe:2.3:a:whereis_project:whereis:0.2.1
Whereis Project » Whereis » Version: 0.3.0

cpe:2.3:a:whereis_project:whereis:0.3.0
Whereis Project » Whereis » Version: 0.4.0

cpe:2.3:a:whereis_project:whereis:0.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-3772

Products

Pricing

Contact Us