CVE-2023-2479
JavaScript vulnerability analysis and mitigation

Overview

An OS Command Injection vulnerability, tracked as CVE-2023-2479, was identified in the GitHub repository appium/appium-desktop in versions prior to v1.22.3-4. The vulnerability was discovered and reported on May 2, 2023. It affects the Appium Desktop application, which has since been deprecated and is no longer maintained due to incompatibility with Appium 2.0+ (CVE Mitre).

Technical details

The vulnerability is classified as an OS Command Injection flaw that could potentially allow remote code execution if Appium Desktop's open ports are exposed to the internet. The issue was particularly concerning as it affected the core functionality of the application (GitHub Commit).

Impact

The vulnerability could enable remote code execution by malicious actors if the application's open ports are exposed to the wider internet. This poses a significant security risk to systems running the affected versions of Appium Desktop (GitHub Commit).

Mitigation and workarounds

Users are strongly advised to discontinue using Appium Desktop and instead switch to the command-line Appium server in combination with Appium Inspector. No security fixes are planned for this vulnerability as the project has been deprecated. The recommended alternative is to use Appium and the Appium Inspector as separate components (GitHub Commit).

This report was generated using AI.
