9 matches found
EUVD-2023-2366
Malicious code in bioql PyPI...
CVE-2023-38695
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...
CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...
CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...
CVE-2023-38695
CVE-2023-38695 affects the cypress-image-snapshot plugin (used with Cypress). The vulnerability allows a user to pass a relative file path as the snapshot name, enabling path traversal outside the project directory on the machine running tests. This is mitigated by upgrading to version 8.0.2 or l...
cypress-image-snapshot path traversal vulnerability
cypress-image-snapshot is an image snapshot plugin from the individual developer Simon Smith. A path traversal vulnerability exists in cypress-image-snapshot, which stems from a vulnerability that could allow a user to pass a relative file path as a snapshot name and access machines outside of th...
@simonsmith/cypress-image-snapshot has fix for insecure snapshot file names
Impact: It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example: cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs') The above will create an ignore-relative-dirs.png three levels ...
GHSA-VXJG-HCHX-CC4G @simonsmith/cypress-image-snapshot has fix for insecure snapshot file names
Impact: It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example: cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs') The above will create an ignore-relative-dirs.png three levels ...
PT-2023-26560 · Unknown · Cypress-Image-Snapshot
Name of the Vulnerable Software and Affected Versions: cypress-image-snapshot versions prior to 8.0.2 Description: The issue allows a user to pass a relative file path for the snapshot name, potentially reaching outside of the project directory into the machine running the test. This can be...