I realize this is similar to another post, however, I am specifically wondering about the impact to Appium Inspector. Perhaps the impact is the same, but I am not clear unfortunately.
According to the included package.json, Appium Inspector is bundled/built with Electron 13.x. This version appears to be vulnerable to the Libwebp exploit. It appears that Electron would need to be updated to at least 25.8.4 to mitigate this.
Would someone be able to confirm one of the following:
- Appium Inspector is not vulnerable due to the way it currently handles webp images
- The package.json is either not updated or I am reading it wrong and Appium Inspector is not bundled with Electron 13 (if the current version included could be confirmed, that would be awesome)
- Appium Inspector is impacted and a patch will be released to address
Again, I may be misreading the previous topic and Appium Inspector uses sharp for webp image processing… I’m happy to be told this as well…