Vulnerability Details CVE-2023-38695
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.5%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2023-38695
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:5.0.0
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:5.0.1
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:5.0.2
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:5.0.3
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:5.0.4
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:5.0.5
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:6.0.0
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:6.0.1
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:6.1.0
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:6.1.1
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:7.0.0
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:8.0.0
-
cpe:2.3:a:simonsmith:cypress_image_snapshot:8.0.1