CVE-2022-21129

Summary

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.

Affected Software

VendorProductVersion RangeStatus
n/anemo-appium0 < 0.0.9affected

Weaknesses

  • CWE-78: Command Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References