CVE-2019-5438
MEDIUM5.3EPSS 0.22%Unauthorized File Access in harp
發布日:2019/6/13修改日:2023/11/8
描述
All versions of `harp` are vulnerable to Unauthorized File Access. If a symlink in the project's base directory points to a file outside of the directory, the file is served. This could allow an attacker to access sensitive files on the server. ## Recommendation No fix is currently available. Consider using an alternative module until a fix is made available.
受影響套件(1)
- npm/harpfrom 0, < 0.40.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |