CVE-2013-7381

Опубликовано: 12 фев. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

Ссылки

http://www.openwall.com/lists/oss-security/2014/05/13/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/15/2
Mailing List
Third Party Advisory
https://github.com/mytrile/node-libnotify/commit/dfe7801d73a0dda10663a0ff3d0ec8b4d5f0d448
Patch
Third Party Advisory
https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify
Broken Link
http://www.openwall.com/lists/oss-security/2014/05/13/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/15/2
Mailing List
Third Party Advisory
https://github.com/mytrile/node-libnotify/commit/dfe7801d73a0dda10663a0ff3d0ec8b4d5f0d448
Patch
Third Party Advisory
https://nodesecurity.io/advisories/libnotify_potential_command_injection_in_libnotify.notify
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libnotify_project:libnotify:*:*:*:*:*:node.js:*:*

Версия до 1.0.4 (исключая)

EPSS

Процентиль: 83%

0.02011

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

CVE-2013-7381

CVSS3: 9.8

ubuntu

почти 6 лет назад

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

CVE-2013-7381

CVSS3: 9.8

msrc

3 месяца назад

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

GHSA-6898-wx94-8jq8

CVSS3: 9.8

github

больше 5 лет назад

Potential Command Injection in libnotify

EPSS

Процентиль: 83%

0.02011

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74