VYPR

npm package

harp

pkg:npm/harp

Vulnerabilities (2)

  • CVE-2019-5437May 10, 2019
    affected < 0.40.2fixed 0.40.2

    Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.

  • CVE-2019-5438May 10, 2019
    affected < 0.40.3fixed 0.40.3

    Path traversal using symlink in npm harp module versions <= 0.29.0.