CVE-2019-5437

Опубликовано: 10 мая 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.

Ссылки

https://hackerone.com/reports/453820
Exploit
Third Party Advisory
https://hackerone.com/reports/453820
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:harpjs:harp:*:*:*:*:*:node.js:*:*

Версия до 0.29.0 (включая)

EPSS

Процентиль: 45%

0.00222

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-548

CWE-200

Связанные уязвимости

GHSA-46hv-7769-j7rx