Description
All versions of harp are vulnerable to Unauthorized File Access. If a symlink in the project’s base directory points to a file outside of the directory, the file is served. This could allow an attacker to access sensitive files on the server.
Recommendation
Update the harp package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.40.3
- Patched version(s): 0.40.3
References
Related Issues
- Unauthorized File Access in harp - CVE-2019-5437
- Unauthorized Access to Private Fields in User Registration API (GHSA-gc7p-j5xm-xxh2) - CVE-2023-39345
- Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation (GHSA-rg3q-jxmp-pvjj) - CVE-2019-11004
- Materialize-css vulnerable to Cross-site Scripting in tooltip component (GHSA-98f7-p5rc-jx67) - CVE-2019-11002
- Tags:
- npm
- harp
Anything's wrong? Let us know Last updated on September 07, 2023