CVE-2019-5437
MEDIUM5.3EPSS 0.22%Unauthorized File Access in harp
發布日:2019/6/13修改日:2023/11/8
描述
Affected versions of `harp` are vulnerable to Unauthorized File Access. The package states that it ignores files and directories with names that start with an underscore, such as `_secret-folder`. If the underscore character is URL encoded the server delivers the file. ## Recommendation Upgrade to version `0.40.2` or later.
受影響套件(1)
- npm/harpfrom 0, < 0.40.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |