### [CVE-2022-21129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21129)
![](https://img.shields.io/static/v1?label=Product&message=nemo-appium&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20Injection&color=brighgreen)

### Description

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.

### POC

#### Reference
- https://security.snyk.io/vuln/SNYK-JS-NEMOAPPIUM-3183747

#### Github
No PoCs found on GitHub currently.