CVE-2023-38695

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 4, 2023

Updated: Aug 9, 2023

CWE ID 22

Summary

CVE-2023-38695 is a vulnerability affecting the cypress-image-snapshot library used for visual regressions testing in Cypress with jest-image-snapshot. Before version 8.0.2, this tool allowed users to input relative file paths for snapshot names, potentially enabling them to access files outside of their project directories on the testing machine. This issue has been mitigated in the latest version, 8.0.2.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sGjjRX
https://www.cve.org/CVERecord?id=CVE-2023-38695
https://nvd.nist.gov/vuln/detail/CVE-2023-38695

Back to Vulnerability Database

CVE-2023-38695

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations