Unauthorized File Access in harp

2019-06-13T16:12:22
ID GHSA-46HV-7769-J7RX
Type github
Reporter GitHub Advisory Database
Modified 2020-08-31T18:36:33

Description

All versions of harp are vulnerable to Unauthorized File Access. The package states that it ignores files and directories with names that start with an underscore, such as _secret-folder. If the underscore character is URL-encoded in the request, the server delivers the file anyway.
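The mismatch described above, as an added example (not harp's code; the function names and sample paths are constructed for illustration). The first check applies the underscore rule to the raw request path, while the second decodes each segment once, applies the rule to the decoded name, and returns that same decoded path for the file lookup.

```javascript
// Illustration only: hypothetical helpers, not taken from harp's source.

// Flawed: the rule is applied to the raw path, so an encoded underscore
// ("%5F") is not recognised, yet the server later decodes it to "_".
function isIgnoredRaw(requestPath) {
  return requestPath.split("/").some((seg) => seg.startsWith("_"));
}

// Hardened: decode each segment exactly once, check the decoded name, and
// hand back the decoded path so the check and the lookup see the same string.
// Returns null when the request must not be served.
function resolvePublicPath(requestPath) {
  const names = [];
  for (const seg of requestPath.split("?")[0].split("/")) {
    if (seg === "") continue;
    let name;
    try {
      name = decodeURIComponent(seg);
    } catch {
      return null; // malformed percent-encoding
    }
    // A decoded separator would hide an underscore-prefixed name inside one
    // segment (e.g. "a%2F_secret-folder"); dot segments are not plain names.
    if (/[\/\\\0]/.test(name) || name === "." || name === "..") return null;
    if (name.startsWith("_")) return null;
    names.push(name);
  }
  return names.join("/");
}

// Constructed sample request paths.
const samples = [
  "/css/main.css",
  "/_secret-folder/key.txt",
  "/%5Fsecret-folder/key.txt",
  "/docs/a%2F_secret-folder",
];
for (const p of samples) {
  console.log(p, "raw-ignored:", isIgnoredRaw(p), "resolved:", resolvePublicPath(p));
}
```

A path that is still percent-encoded after one decode (for example "%255F...") stays a literal name here, which is safe only because the lookup uses the returned string and never decodes again.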

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.