Description
Information exposure through directory listing in npm's harp module allows access to files that are supposed to be ignored according to the harp server rules. Vulnerable versions are <= 0.29.0, and to our knowledge no fix has been applied.
Remediation
References
https://hackerone.com/reports/453820
Related Vulnerabilities
CVE-2019-5427 Vulnerability in maven package com.mchange:c3p0
CVE-2020-7763 Vulnerability in npm package phantom-html-to-pdf
CVE-2019-14517 Vulnerability in maven package org.webjars.npm:editor.md
CVE-2019-11002 Vulnerability in maven package org.webjars.npm:materialize-css
CVE-2023-31717 Vulnerability in npm package @frangoteam/fuxa