@simonsmith/cypress-image-snapshot@7.0.0 vulnerabilities
Cypress Image Snapshot binds jest-image-snapshot's image diffing logic to Cypress commands.
-
latest version
9.1.0
-
latest non vulnerable version
-
first published
2 years ago
-
latest version published
4 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @simonsmith/cypress-image-snapshot package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@simonsmith/cypress-image-snapshot is a Cypress Image Snapshot binds jest-image-snapshot's image diffing logic to Cypress.io commands. Affected versions of this package are vulnerable to Directory Traversal. It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. How to fix Directory Traversal? Upgrade |
<8.0.2
|