9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.0%
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports.setup’ function.
Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
CPE | Name | Operator | Version |
---|---|---|---|
paypal:nemo-appium | paypal nemo-appium | lt | 0.0.9 |
[
{
"product": "nemo-appium",
"versions": [
{
"version": "0",
"lessThan": "0.0.9",
"status": "affected",
"versionType": "semver"
}
],
"vendor": "n/a"
}
]
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.0%