Unknown · Cypress-Image-Snapshot · CVE-2023-38695
**Name of the Vulnerable Software and Affected Versions**
cypress-image-snapshot versions prior to 8.0.2
**Description**
`matchImageSnapshot` builds the path of the image it writes from the snapshot name it is given, without confining that path to the snapshot directory. A caller can therefore pass a relative path as the snapshot name, such as `../../../ignore-relative-dirs`, and the image is written outside the intended directory, potentially outside the project and anywhere else on the machine running the test that the test process is allowed to write to.
**Recommendations**
For versions prior to 8.0.2, update to version 8.0.2 or later, which resolves the issue.
As a temporary workaround, audit all existing uses of `matchImageSnapshot` and confirm that any filename argument is a plain name that stays inside the snapshot directory (no `..` segments, no absolute paths). Where possible, call the function without a filename, e.g. `cy.matchImageSnapshot()`, so that the name defaults to the test title.