CVE-2013-7381

Name

CVE-2013-7381

Description

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Mailing List	http://www.openwall.com/lists/oss-security/2014/05/15/2
Broken Link	https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify
Patch	https://github.com/mytrile/node-libnotify/commit/dfe7801d73a0dda10663a0ff3d0ec8b4d5f0d448
Mailing List	http://www.openwall.com/lists/oss-security/2014/05/13/1

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libnotify_project:libnotify::::::node.js::*`	libnotify	>= None	< 1.0.4

Source package	Branch	Version	Maintainer	Status
libnotify	edge-community	0.8.8-r0	Achill Gilgenast <achill@achill.org>	possibly vulnerable
libnotify	edge-community	0.8.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	edge-community	0.8.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	edge-community	0.8.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	edge-community	0.8.3-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	3.23-community	0.8.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	3.23-community	0.8.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	3.22-community	0.8.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	3.20-community	0.8.3-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	3.19-community	0.8.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	3.18-community	0.8.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	3.17-community	0.8.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libnotify	3.11-main	0.7.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable