appium 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に パス処理の欠陥 and vendor risk command injection などに関し、一部は ファイル上書き を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-30973 | Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo() via ZipExtractor.extract()) with a path traversal (Zip Slip) check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with ../ path components to write files outside the intended destination di | [email protected] | 6.5 | 0.06% | 2026-03-10 | 2026-05-07 |
| CVE-2023-2479 | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | [email protected] | 9.8 | 92.73% | 2023-05-02 | 2024-11-21 |
| CVE-2016-10557 | appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | [email protected] | 8.1 | 0.81% | 2018-05-31 | 2024-11-21 |