Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function.
Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
{ "nvd_published_at": "2023-01-31T05:15:00Z", "severity": "CRITICAL", "github_reviewed_at": "2023-02-01T23:47:58Z", "github_reviewed": true, "cwe_ids": [ "CWE-77", "CWE-78" ] }