Description
Unauthorized File Access in harp
Affected versions of harp are vulnerable to Unauthorized File Access. The package states that it ignores files and directories whose names start with an underscore, such as _secret-folder. If the underscore character is URL-encoded, the server delivers the file.
Recommendation
Upgrade to version 0.40.2 or later.
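The check-before-decode pattern described above, as an added example (not harp's own code and not part of the advisory): a simplified model of an underscore ignore rule applied to the raw request path, beside a version that decodes once and applies the rule to the same string used for file lookup. All function names and sample paths are constructed for illustration.

```javascript
// Added illustration only; names are hypothetical and this is not harp's source.

// Ignore rule from the advisory: a path segment starting with "_" is private.
function hasUnderscoreSegment(path) {
  return path.split('/').some((seg) => seg.startsWith('_'));
}

// Weak form (assumed model): the rule sees the raw request path,
// but the file lookup later uses the decoded path.
function weakResolve(rawPath) {
  if (hasUnderscoreSegment(rawPath)) return null; // treated as ignored
  return decodeURIComponent(rawPath);             // path that would be served
}

// Hardened form: decode exactly once, reject malformed input, then apply
// the rule segment by segment to the string that is used for the lookup.
function hardenedResolve(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0') || decoded.includes('\\')) return null;
  const kept = [];
  for (const seg of decoded.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..' || seg.startsWith('_')) return null;
    kept.push(seg);
  }
  return '/' + kept.join('/');
}

// Constructed sample request paths.
const SAMPLES = [
  '/index.html',
  '/_secret-folder/key.txt',
  '/%5Fsecret-folder/key.txt',
  '/public/%5fdraft.md',
  '/bad%zz',
];

// Side-by-side result for each sample; null means "not served".
function compare(paths) {
  return paths.map((p) => {
    let weak;
    try { weak = weakResolve(p); } catch (e) { weak = 'error'; }
    return { path: p, weak, hardened: hardenedResolve(p) };
  });
}
```

Running `compare(SAMPLES)` gives a regression table for an ignore rule: every row where `weak` is a path and `hardened` is null marks a request the rule should have blocked.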
Packages
Name: harp (npm)
Affected versions: < 0.40.2
Fixed version: 0.40.2
Related vulnerabilities
CVSS3: 5.3
nvd
more than 6 years ago
Information exposure through the directory listing in npm's harp module allows access to files that are supposed to be ignored according to the harp server rules. Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.