CVE-2013-7381

CRITICAL

libnotify < 1.0.4 - Remote Code Execution via libnotify.notify

Title source: llm
STIX 2.1

Description

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

References (4)

Core 4
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2014/05/13/1
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2014/05/15/2

Scores

CVSS v3 9.8
EPSS 0.0268
EPSS Percentile 84.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (2)
libnotify_project/libnotify < 1.0.4
npm/libnotify 0 - 1.0.4npm
Published Feb 12, 2020
Tracked Since Feb 18, 2026