harp@0.2.3 vulnerabilities

Static Web Server/Generator/Bundler

  • latest version

    0.46.1

  • latest non vulnerable version

  • first published

    12 years ago

  • latest version published

    1 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the harp package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Unauthorised File Access

    harp is a zero-configuration web server with built in pre-processing.

    Affected versions of this package are vulnerable to Unauthorised File Access. An attacker can access unauthorised files through a symlink served to the system.

    How to fix Unauthorised File Access?

    Upgrade harp to version 0.40.2 or higher.

    <0.40.2
    • H
    Unauthorized File Access

    harp is a zero-configuration web server with built in pre-processing.

    Affected versions of this package are vulnerable to Unauthorized File Access. An attacker can access sensitive files on the server when a symlink in the project's base directory points to a file outside of the directory.

    How to fix Unauthorized File Access?

    Upgrade harp to version 0.40.3 or higher.

    <0.40.3
    • M
    Information Exposure

    harp is a zero-configuration web server with built in pre-processing.

    Affected versions of this package are vulnerable to Information Exposure. The documentation explicitly mentions that files or directories with names that start with an underscore are ignored by the server and are not served to the end user. By using simple URL encoding this verification is bypassed and files or directories that should be ignored are accessible.

    How to fix Information Exposure?

    Upgrade harp to version 0.40.2 or higher.

    <0.40.2