OS Command Injection in appium/appium-desktop
CVE-2023-2479

9.8CRITICAL

Key Information:

Vendor

Appium

Vendor
CVE Published:
2 May 2023

What is CVE-2023-2479?

The vulnerability allows attackers to execute arbitrary OS commands on systems running vulnerable versions of Appium Desktop. This flaw resides in the application’s handling of user input, where insufficient validation allows for command injection. Attackers can exploit this vulnerability by sending specially crafted requests, leading to potential control of the affected system or unauthorized access to sensitive information.

Affected Version(s)

appium/appium-desktop < unspecified

References

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.