Unauthorized File Access in harp

ID GHSA-46HV-7769-J7RX
Type github
Reporter GitHub Advisory Database
Modified 2020-08-31T18:36:33


All versions of harp are vulnerable to Unauthorized File Access. The package states that it ignores files and directories with names that start with an underscore, such as _secret-folder. If the underscore character is URL-encoded, the server delivers the file.
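
The mismatch described above, shown as an added JavaScript illustration. This is not harp's source code; the function names and sample request paths are constructed for the example. It compares an underscore check applied to the raw request path with one applied after decoding each path segment once, as the file lookup is assumed to do.

```javascript
// Added illustration; not harp's source. Function names are hypothetical.

// Flawed pattern: tests the raw request path, so "%5Fsecret-folder" does not
// look like it starts with "_" even though the file lookup later decodes it.
function isIgnoredRaw(requestPath) {
  return requestPath.split("/").some((seg) => seg.startsWith("_"));
}

// Corrected pattern: decode each segment exactly once (assumed to match what
// the file lookup does) and only then apply the underscore rule.
function isIgnoredDecoded(requestPath) {
  for (const seg of requestPath.split("/")) {
    let decoded;
    try {
      decoded = decodeURIComponent(seg);
    } catch (err) {
      return true; // malformed percent-encoding: refuse rather than guess
    }
    // A decoded separator would change which directory is addressed.
    if (decoded.includes("/") || decoded.includes("\\")) return true;
    if (decoded.startsWith("_")) return true;
  }
  return false;
}

// Constructed sample request paths.
const samples = [
  "/index.html",
  "/_secret-folder/notes.txt",
  "/%5Fsecret-folder/notes.txt",
  "/public/%5fdraft.md",
  "/bad%zzpath",
];

// Returns both verdicts per path so the disagreement is visible side by side.
function compare(paths) {
  return paths.map((p) => ({
    path: p,
    raw: isIgnoredRaw(p),
    decoded: isIgnoredDecoded(p),
  }));
}

console.table(compare(samples));
```

Rows where the two columns disagree are the requests a raw-path check would let through to an underscore-prefixed file or directory.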


No fix is currently available. Consider using an alternative module until a fix is made available.