CVE-2019-5437
10.05.2019, 22:29
Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.Enginsight
| Vendor | Product | Version |
|---|---|---|
| harpjs | harp | 𝑥 ≤ 0.29.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-548 - Exposure of Information Through Directory ListingA directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.