CVE-2022-21129

nemo-appium vulnerable to OS Command Injection in npm/nemo-appium

Identifiers

CVE-2022-21129, GHSA-c6rx-gxqv-vr5j

Package Slug

npm/nemo-appium

Vulnerability

nemo-appium vulnerable to OS Command Injection

Description

Versions of the package nemo-appium before 0.0.9 is vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.

Affected Versions

All versions before 0.0.9

Solution

Upgrade to version 0.0.9 or above.

Last Modified

2023-02-02

source