CVE-2019-5437

MEDIUM

harpjs/harp <= 0.29.0 - Information Exposure Through Directory Listing

Title source: llm
STIX 2.1

Description

Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/453820

Scores

CVSS v3 5.3
EPSS 0.0131
EPSS Percentile 67.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200 CWE-548
Status published
Products (2)
harpjs/harp < 0.29.0
npm/harp 0 - 0.40.2npm
Published May 10, 2019
Tracked Since Feb 18, 2026