0.46.1
12 years ago
1 years ago
Known vulnerabilities in the harp package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
harp is a zero-configuration web server with built in pre-processing. Affected versions of this package are vulnerable to Unauthorised File Access. An attacker can access unauthorised files through a symlink served to the system. How to fix Unauthorised File Access? Upgrade | <0.40.2 |
harp is a zero-configuration web server with built in pre-processing. Affected versions of this package are vulnerable to Unauthorized File Access. An attacker can access sensitive files on the server when a symlink in the project's base directory points to a file outside of the directory. How to fix Unauthorized File Access? Upgrade | <0.40.3 |
harp is a zero-configuration web server with built in pre-processing. Affected versions of this package are vulnerable to Information Exposure. The documentation explicitly mentions that files or directories with names that start with an underscore are ignored by the server and are not served to the end user. By using simple URL encoding this verification is bypassed and files or directories that should be ignored are accessible. How to fix Information Exposure? Upgrade | <0.40.2 |