Description
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, a user can pass a relative file path as the snapshot name and reach outside the project directory on the machine running the test. This issue has been patched in version 8.0.2.
References
- https://github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4 (Patch)
- Exploit, Issue Tracking, Patch, Third Party Advisory
- Release Notes
- Exploit, Mitigation, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 8.0.2 (exclusive)
cpe:2.3:a:simonsmith:cypress_image_snapshot:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 52%
Score: 0.00296 (Low)
CVSS3: 6.5 (Medium)
Defects
CWE-22
Related vulnerabilities
CVSS3: 6.5
github
more than 2 years ago
@simonsmith/cypress-image-snapshot has fix for insecure snapshot file names