cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.
References
Link | Resource |
---|---|
https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4 | Patch |
https://github.com/simonsmith/cypress-image-snapshot/issues/15 | Exploit Issue Tracking Patch Third Party Advisory |
https://github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2 | Release Notes |
https://github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g | Exploit Mitigation Vendor Advisory |
Configurations
History
09 Aug 2023, 13:18
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | (MISC) https://github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2 - Release Notes | |
References | (MISC) https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4 - Patch | |
References | (MISC) https://github.com/simonsmith/cypress-image-snapshot/issues/15 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g - Exploit, Mitigation, Vendor Advisory | |
First Time |
Simonsmith cypress Image Snapshot
Simonsmith |
|
CPE | cpe:2.3:a:simonsmith:cypress_image_snapshot:*:*:*:*:*:node.js:*:* |
04 Aug 2023, 18:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-04 18:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-38695
Mitre link : CVE-2023-38695
CVE.ORG link : CVE-2023-38695
JSON object : View
Products Affected
simonsmith
- cypress_image_snapshot
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')