Vulnerability Description
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simonsmith | Cypress Image Snapshot | < 8.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fPatch
- https://github.com/simonsmith/cypress-image-snapshot/issues/15ExploitIssue TrackingPatch
- https://github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2Release Notes
- https://github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxExploitMitigationVendor Advisory
- https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fPatch
- https://github.com/simonsmith/cypress-image-snapshot/issues/15ExploitIssue TrackingPatch
- https://github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2Release Notes
- https://github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxExploitMitigationVendor Advisory
FAQ
What is CVE-2023-38695?
CVE-2023-38695 is a vulnerability with a CVSS score of 6.5 (MEDIUM). cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outsi...
How severe is CVE-2023-38695?
CVE-2023-38695 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38695?
Check the references section above for vendor advisories and patch information. Affected products include: Simonsmith Cypress Image Snapshot.