CVE-2022-21129, GHSA-c6rx-gxqv-vr5j
npm/nemo-appium
nemo-appium vulnerable to OS Command Injection
Versions of the package nemo-appium before 0.0.9 is vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
All versions before 0.0.9
Upgrade to version 0.0.9 or above.
2023-02-02
source |