Lucene search
+L

81 matches found

vulnersosv
vulnersosv
added 2026/04/22 8:17 p.m.7 views

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41675 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41675 Source advisory:...

8.7CVSS5.8AI score0.00408EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/22 8:17 p.m.8 views

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41675 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41675 Source advisory:...

8.7CVSS5.8AI score0.00408EPSS
Exploits0
ibm
ibm
added 2026/04/07 3:30 p.m.7 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the @appium/support package

Summary Due to the use of the @appium/support package, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability CVE-2026-30973, Vulnerability Details CVEID:CVE-2026-30973 DESCRIPTION: Appium is an automation framework that provides WebDriver-based...

6.5CVSS6AI score0.00388EPSS
Exploits1Affected Software1
redhatcve
redhatcve
added 2026/03/26 3:11 p.m.7 views

CVE-2026-30973

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...

6.5CVSS5.9AI score0.00388EPSS
Exploits1References1
euvd
euvd
added 2026/03/11 12:22 a.m.5 views

EUVD-2026-10710

@appium/support has a Zip Slip arbitrary file write in its ZIP extraction...

6.5CVSS5.9AI score0.00388EPSS
Exploits1References3
euvd
euvd
added 2026/03/11 12:22 a.m.6 views

EUVD-2026-10709

@appium/support has a Zip Slip arbitrary file write in its ZIP extraction...

6.5CVSS5.9AI score0.00388EPSS
Exploits1References3
github
github
added 2026/03/11 12:22 a.m.9 views

@appium/support has a Zip Slip arbitrary file write in its ZIP extraction

Summary @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/03/11 12:22 a.m.6 views

GHSA-RFX7-4XW3-GH4M @appium/support has a Zip Slip arbitrary file write in its ZIP extraction

Summary @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References4
snyk
snyk
added 2026/03/10 8:44 p.m.17 views

Directory Traversal

Overview @appium/support is a Support libs used across Appium packages Affected versions of this package are vulnerable to Directory Traversal in the extractAllTo function. An attacker can write arbitrary files outside the intended extraction directory by supplying a crafted ZIP archive containin...

6.9CVSS6.3AI score0.00388EPSS
Exploits1References2
nvd
nvd
added 2026/03/10 6:18 p.m.7 views

CVE-2026-30973

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...

6.5CVSS0.00388EPSS
Exploits1References2
cvelist
cvelist
added 2026/03/10 5:33 p.m.30 views

CVE-2026-30973 Zip Slip arbitrary file write in @appium/support ZIP extraction

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...

6.5CVSS0.00388EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/03/10 5:33 p.m.1 views

CVE-2026-30973 Zip Slip arbitrary file write in @appium/support ZIP extraction

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/03/10 5:33 p.m.3 views

CVE-2026-30973

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References3Affected Software1
cve
cve
added 2026/03/10 5:33 p.m.53 views

CVE-2026-30973

Appium vulnerability CVE-2026-30973 affects the @appium/support ZIP extraction path. Before 7.0.6, the non-functional path-traversal check in extractAllTo() (ZipExtractor.extract()) creates an Error but never throws it, enabling malicious ZIP entries with ../ components to write outside the desti...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/03/10 5:33 p.m.6 views

CVE-2026-30973 Zip Slip arbitrary file write in @appium/support ZIP extraction

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...

6.5CVSS5.9AI score0.00388EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/03/10 12:0 a.m.8 views

PT-2026-24342

Name of the Vulnerable Software and Affected Versions Appium versions prior to 7.0.6 Description Appium, an automation framework, has an issue in its ZIP extraction implementation within the @appium/support package. The path traversal check Zip Slip in extractAllTo via ZipExtractor.extract is...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References9
cnnvd
cnnvd
added 2026/03/10 12:0 a.m.6 views

appium 路径遍历漏洞

Appium is an open-source cross-platform application automation testing framework developed by Appium. Versions of Appium prior to 7.0.6 contained a path traversal vulnerability. This vulnerability stemmed from ineffective path traversal checks in the ZIP extraction implementation, which could all...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References2
circl
circl
added 2026/03/09 6:51 p.m.6 views

CVE-2026-30973

creationtimestamp| type| source ---|---|--- 2026-03-09 18:51:57+00:00| published-proof-of-concept| https://github.com/appium/appium/security/advisories/GHSA-rfx7-4xw3-gh4m...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2025/11/25 2:20 p.m.7 views

@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +74 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)

body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...

6.9CVSS5.7AI score0.0035EPSS
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0439

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02774EPSS
Exploits1References5
Rows per page
Query Builder