Description
Information exposure through directory listing in npm's harp module allows access to files that are supposed to be ignored according to the harp server rules. Vulnerable versions are <= 0.29.0, and to our knowledge no fix has been applied.
Remediation
References
https://hackerone.com/reports/453820