81 matches found
GHSA-C6RX-GXQV-VR5J nemo-appium vulnerable to OS Command Injection
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...
nemo-appium vulnerable to OS Command Injection
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...
CVE-2022-21129
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...
Command injection
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...
CVE-2022-21129
The CVE-2022-21129 issue affects nemo-appium, where versions prior to 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the module.exports.setup function. The vulnerability is exploitable only if appium-running 0.1.3 is installed as a dependency of nemo-appium. Impac...
CVE-2022-21129
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...
CVE-2022-21129
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...
CVE-2022-21129
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...
PT-2023-12661 · Unknown · Appium-Running +1
Name of the Vulnerable Software and Affected Versions: nemo-appium versions prior to 0.0.9 Description: The issue arises from improper input sanitization in the module.exports.setup function, leading to Command Injection. To exploit this, appium-running 0.1.3 must be installed as one of...
nemo-appium 安全漏洞
nemo-appium is an open source plugin for PayPal. It is used to start the appium server during Nemo startup and terminate it at driver time. A security vulnerability exists in versions prior to nemo-appium 0.0.9, which stems from improper cleaning of user input...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. PoC javascript const ...
@akashic/engine-files-reftest (>=3.3.20 <=3.4.1-beta.4), @astound/appium-xcuitest-driver (=2.67.1) +66 more potentially affected by unknown CVE via node-idevice (=0.1.6)
node-idevice NPM version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on node-idevice and may be impacted: - @akashic/engine-files-reftest =3.3.20, =0.1.0, =0.1.0-alpha.0, =0.8.0, =1.9.2-beta2.15, =0.1.5, =0.0.34, =5.7.8, =0.0.0-fake.230, =0.0.1...
GHSA-HC94-2WFR-4PWF appium-chromedriver downloads Resources over HTTP
Affected versions of appium-chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution ...
appium-chromedriver downloads Resources over HTTP
Affected versions of appium-chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution ...
br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +64 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.55)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...
Whatsapp Automation - A Collection Of Tools For Sending And Recieving Whatsapp Messages
Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages multiple contacts. The project uses Selinium, Appium,...
CVE-2016-10557
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...
Remote code execution
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...
CVE-2016-10557
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...
CVE-2016-10557
CVE-2016-10557 affects the Node.js wrapper library appium-chromedriver . Versions below 2.9.4 download binary resources over HTTP, creating susceptibility to man-in-the-middle (MITM) attacks. If an attacker in a privileged network position replaces the downloaded chromedriver binary, remote code ...