CVE-2023-38695: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
(updated )
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it’s possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.
References
- github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4
- github.com/simonsmith/cypress-image-snapshot/issues/15
- github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2
- github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g
- nvd.nist.gov/vuln/detail/CVE-2023-38695
Code Behaviors & Features
Detect and mitigate CVE-2023-38695 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →