6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-38695

CVE-2023-38695: @simonsmith/cypress-image-snapshothas fix for insecure snapshot file names

Impact

It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example:

  cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs')

The above will create an ignore-relative-dirs.png three levels up

Patches

Fixed in 8.0.2

Workarounds

Validate all the existing uses of matchImageSnapshot to ensure correct use of the filename argument. Example:

    // snapshot name will be the test title
    cy.matchImageSnapshot();

    // snapshot name will be the name passed in
    cy.matchImageSnapshot('login');

References

https://github.com/simonsmith/cypress-image-snapshot/issues/15

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-38695

CVE-2023-38695:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@simonsmith/cypress-image-snapshot	npm	<= 8.0.1	8.0.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from how snapshot filenames were generated in src/plugin.ts. Before the patch (<=8.0.1), the code used screenshotConfig.name.replace() to clean test failure suffixes but didn't sanitize directory traversal characters. The commit ef49519 fixed this by using path.basename(screenshotConfig.path) instead, which leverages Cypress' pre-sanitized paths. The vulnerable function runImageDiffAfterScreenshot handled user-provided filenames directly, making it the root cause of the path traversal issue.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-38695: @simonsmith/cypress-image-snapshothas fix for insecure snapshot file names

Impact

Patches

Workarounds

References

CVE-2023-38695:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-38695: @simonsmith/cypress-image-snapshothas fix for insecure snapshot file names

Impact

Patches

Workarounds

References

Technical Details

Basic Information

Basic Information

6.5

6.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI