Lucene search
GitHub Advisory DatabaseGHSA-6898-WX94-8JQ8HistoryAug 31, 2020 - 10:50 p.m.
Potential Command Injection in libnotify
2020-08-3122:50:48
CWE-74
GitHub Advisory Database
github.com
41
0.003 Low
EPSS
Percentile
70.2%
Versions 1.0.3 and earlier of libnotify are affected by a shell command injection vulnerability. This may result in execution of arbitrary shell commands, if user input is passed into libnotify.notify.
Untrusted input passed in the call to libnotify.notify could result in execution of shell commands. Callers may be unaware of this.
Example
var libnotify = require('libnotify')
libnotify.notify('UNTRUSTED INPUT', { title: \"\" }, function () {
console.log(arguments);
})
Special thanks to Neal Poole for submitting the pull request to fix this issue.
Recommendation
Update to version 1.0.4 or greater
Related
nodejs
nodejs
Potential Command Injection
2015-10-17 19:41:46
rosalinux
rosalinux
Advisory ROSA-SA-2021-1880
2021-07-02 17:15:24
ubuntucve
ubuntucve
CVE-2013-7381
2020-02-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2013-7381 affecting package libnotify 0.7.9-4
2024-05-19 03:07:23
cvelist
cvelist
CVE-2013-7381
2020-02-12 14:25:23
cve
cve
CVE-2013-7381
2020-02-12 15:15:00
osv
osv
Potential Command Injection in libnotify
2020-08-31 22:50:48
prion
prion
Code injection
2020-02-12 15:15:00
alpinelinux
alpinelinux
CVE-2013-7381
2020-02-12 15:15:00
securityvulns
securityvulns