npm package
harp
pkg:npm/harp
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5437 | — | < 0.40.2 | 0.40.2 | May 10, 2019 | Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge. | ||
| CVE-2019-5438 | — | < 0.40.3 | 0.40.3 | May 10, 2019 | Path traversal using symlink in npm harp module versions <= 0.29.0. |
- CVE-2019-5437May 10, 2019affected < 0.40.2fixed 0.40.2
Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.
- CVE-2019-5438May 10, 2019affected < 0.40.3fixed 0.40.3
Path traversal using symlink in npm harp module versions <= 0.29.0.