CVE-2023-2479:
appium-desktop OS Command Injection vulnerability

CVSS Score
9.8 (CVSS 3.0)

Basic Information

EPSS Score
0.99703%
Published
5/2/2023
Updated
11/7/2023
KEV Status
No
Technology
JavaScript

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: appium-desktop
Ecosystem: npm
Vulnerable Versions: <= 1.14.1
First Patched Version: -

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided information contains no actual code patches or specific technical details about vulnerable functions. The referenced commit only modifies documentation (README.md) rather than addressing code vulnerabilities. While the CWE-78 classification indicates OS command injection, the advisory materials lack: 1) Code diffs showing vulnerable functions 2) Specific endpoint/API details 3) Stack traces or exploit methodology details 4) Any file paths to source code beyond the README. Without concrete evidence of specific functions handling untrusted input in command execution contexts, we cannot confidently identify vulnerable functions from the available data.


WAF Protection Rules

WAF Rule

appium-desktop v1.14.1 and prior is vulnerable to OS Command Injection.
