Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14cTZqLXg4cHEtZzNncs4AAzDz
appium-desktop OS Command Injection vulnerability
appium-desktop v1.14.1 and prior is vulnerable to OS Command Injection.
Permalink: https://github.com/advisories/GHSA-xq6j-x8pq-g3gr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cTZqLXg4cHEtZzNncs4AAzDz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: 6 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-xq6j-x8pq-g3gr, CVE-2023-2479
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-2479
- https://github.com/appium/appium-desktop/commit/12a988aa08b9822e97056a09486c9bebb3aad8fe
- https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4
- https://github.com/advisories/GHSA-xq6j-x8pq-g3gr
Blast Radius: 0.0
Affected Packages
npm:appium-desktop
Dependent packages: 1
Dependent repositories: 1
Downloads: 78 last month
Affected Version Ranges: <= 1.14.1
No known fixed version
All affected versions: 1.14.1