OS Command Injection in appium/appium-desktop
CVE-2023-2479
9.8CRITICAL
What is CVE-2023-2479?
The vulnerability allows attackers to execute arbitrary OS commands on systems running vulnerable versions of Appium Desktop. This flaw resides in the application’s handling of user input, where insufficient validation allows for command injection. Attackers can exploit this vulnerability by sending specially crafted requests, leading to potential control of the affected system or unauthorized access to sensitive information.
Affected Version(s)
appium/appium-desktop < unspecified
References
EPSS Score
22% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
