CVE-2013-7381: 
JavaScript vulnerability analysis and mitigation

CVE-2013-7381 affects libnotify versions before 1.0.4 for Node.js. The vulnerability was discovered and disclosed in May 2014, allowing remote attackers to execute arbitrary commands through unspecified characters in calls to the libnotify.notify function (NVD, MITRE).

The vulnerability is classified as an Improper Neutralization of Special Elements in Output Used by a Downstream Component (CWE-74). It received a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a critical severity level with network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability allows remote attackers to execute arbitrary commands on the affected system, potentially leading to complete system compromise. The high severity scores across confidentiality, integrity, and availability indicate that successful exploitation could result in full system access and control (NVD).

The vulnerability was patched in libnotify version 1.0.4 for Node.js. The fix involved replacing the call to exec with execFile to prevent command injection (GitHub Patch). Users should upgrade to version 1.0.4 or later to mitigate this vulnerability.