Arbitrary File Access Vulnerability in Cypress-Image-Snapshot

Arbitrary File Access Vulnerability in Cypress-Image-Snapshot

CVE-2023-38695 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.

Learn more about our User Device Pen Test.