Описание
Unauthorized File Access in harp
All versions of harp are vulnerable to Unauthorized File Access. If a symlink in the project's base directory points to a file outside of the directory, the file is served. This could allow an attacker to access sensitive files on the server.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
Пакеты
Наименование
harp
npm
Затронутые версииВерсия исправления
< 0.40.3
0.40.3
Связанные уязвимости
CVSS3: 5.3
nvd
больше 6 лет назад
Path traversal using symlink in npm harp module versions <= 0.29.0.