CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low (Percentile: 33.2%)

@simonsmith/cypress-image-snapshot is vulnerable to Path Traversal. The vulnerability exists because the library does not properly sanitize snapshot filenames, allowing an attacker to create directories or images outside the restricted directory.

CPE

Name | Operator | Version |
---|---|---|
@simonsmith/cypress-image-snapshot | le | 8.0.1 |
github.com/advisories/GHSA-vxjg-hchx-cc4g
github.com/simonsmith/cypress-image-snapshot/commit/ef49519795daf5183f4fac6f3136e194f20f39f4
github.com/simonsmith/cypress-image-snapshot/issues/15
github.com/simonsmith/cypress-image-snapshot/releases/tag/8.0.2
github.com/simonsmith/cypress-image-snapshot/security/advisories/GHSA-vxjg-hchx-cc4g