GoogleOSV:GHSA-VXJG-HCHX-CC4G@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
45.1%
Impact
It’s possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example:
cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs')
The above will create an ignore-relative-dirs.png three levels up
Patches
Fixed in 8.0.2
Workarounds
Validate all the existing uses of matchImageSnapshot to ensure correct use of the filename argument. Example:
// snapshot name will be the test title
cy.matchImageSnapshot();
// snapshot name will be the name passed in
cy.matchImageSnapshot('login');
References
https://github.com/simonsmith/cypress-image-snapshot/issues/15
References
github.com/simonsmith/cypress-image-snapshot
github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4
github.com/simonsmith/cypress-image-snapshot/issues/15
github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2
github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g
nvd.nist.gov/vuln/detail/CVE-2023-38695
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
45.1%