Description
Information exposure through the directory listing in npm's harp module allows access to files that are supposed to be ignored according to the harp server rules. Vulnerable versions are <= 0.29.0, and to our knowledge no fix has been applied.
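The bug class described above, as an added example that is not harp's own code: a directory listing that skips the server's ignore rule, beside a listing that enforces it. The underscore-prefix ignore rule, the function names and the sample file tree are assumptions made for illustration.

```javascript
// Added example, not harp's source. Assumption: a name starting with "_"
// marks a file or directory the server must never expose.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Single predicate shared by the file handler and the listing handler.
const isIgnored = (name) => name.startsWith("_");

// Flawed pattern: the listing reads the directory without consulting the rule.
function listUnfiltered(root, rel) {
  return fs.readdirSync(path.join(root, rel)).sort();
}

// Hardened pattern: confine the path to root, refuse ignored segments in the
// requested path, and filter ignored entries out of the result.
function listFiltered(root, rel) {
  const base = path.resolve(root);
  const target = path.resolve(base, "." + path.sep + rel);
  if (target !== base && !target.startsWith(base + path.sep)) return null;
  const segments = path.relative(base, target).split(path.sep).filter(Boolean);
  if (segments.some(isIgnored)) return null; // e.g. a request for /_data/
  return fs.readdirSync(target).filter((n) => !isIgnored(n)).sort();
}

// Constructed sample site tree used to exercise both functions.
function makeSampleSite() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "listing-demo-"));
  fs.mkdirSync(path.join(root, "_data"));
  fs.writeFileSync(path.join(root, "_data", "users.json"), "{}");
  fs.writeFileSync(path.join(root, "_layout.ejs"), "");
  fs.writeFileSync(path.join(root, "index.html"), "");
  return root;
}

const demoRoot = makeSampleSite();
console.log("unfiltered: ", listUnfiltered(demoRoot, "/"));
console.log("filtered:   ", listFiltered(demoRoot, "/"));
console.log("ignored dir:", listFiltered(demoRoot, "/_data"));
fs.rmSync(demoRoot, { recursive: true, force: true });
```

Keeping one predicate for both the file handler and the listing handler is what prevents the two from drifting apart.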
Remediation
References
https://hackerone.com/reports/453820