Description
Path traversal using symlink in npm harp module versions <= 0.29.0.
Remediation
References
https://hackerone.com/reports/530289
Related Vulnerabilities
CVE-2019-20149 Vulnerability in npm package kind-of
CVE-2020-35491 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator
CVE-2020-8124 Vulnerability in maven package org.webjars.npm:url-parse
CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore