What the vulnerability does

01Description

Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.

Key dates

02Disclosure timeline

May 10, 2019 CVE published
August 4, 2024 Record updated