Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-05-10
Path traversal using symlink in npm harp module versions <= 0.29.0.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-05-10