Critical severity 9.8 · NVD Advisory · Published Jul 30, 2018 · Updated Jun 17, 2026

CVE-2018-3772

Description

Concatenating unsanitized user input in the whereis npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead.
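The bug class described above, as an added example: constructed code, not the whereis or which module's own source. The function names, the `which` command string and the `sampletool` fixture are assumptions made for illustration; the hardened lookup resolves a name by walking PATH in-process, so no shell ever parses the input.

```javascript
// Added example: constructed code, not the whereis or which module's source.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Vulnerable pattern from the description: the caller-supplied name becomes
// part of a string that a shell will parse, so shell metacharacters in it
// are interpreted as syntax rather than as part of a file name.
function unsafeCommand(name) {
  return 'which ' + name; // would be handed to child_process.exec()
}

// Hardened lookup: no child process, no shell. The name is only ever used
// as a single path component joined to each PATH directory.
function findOnPath(name, pathEnv = process.env.PATH || '') {
  if (typeof name !== 'string' || name.length === 0 ||
      name.includes('\0') || path.basename(name) !== name ||
      name === '.' || name === '..') {
    throw new TypeError('name must be a bare file name');
  }
  for (const dir of pathEnv.split(path.delimiter)) {
    if (dir === '') continue; // skip empty entries (implicit cwd)
    const candidate = path.join(dir, name);
    try {
      const st = fs.statSync(candidate);
      if (st.isFile() && (st.mode & 0o111) !== 0) return candidate;
    } catch {
      // not present in this directory; try the next one
    }
  }
  return null;
}

// Constructed fixture: a temp directory holding one executable file.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'lookup-'));
  const tool = path.join(dir, 'sampletool');
  fs.writeFileSync(tool, '#!/bin/sh\n');
  fs.chmodSync(tool, 0o755);
  const hostile = 'sampletool; touch injected'; // constructed input
  const result = {
    shellString: unsafeCommand(hostile), // a shell would see two commands
    found: findOnPath('sampletool', dir) === tool,
    hostileFound: findOnPath(hostile, dir), // treated as one odd file name
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}
```

The execute-bit test is a simplification (any of the owner, group or other bits); it does not check whether the current user is the one allowed to execute the file.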

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions   Patched versions
whereis (npm)    < 0.4.1             0.4.1

Affected products

2
  • ghsa-coords
    Range: < 0.4.1
  • https://github.com/vvo/whereisv5
    Range: >= 0.4.1
