Affected versions of harp
are vulnerable to Unauthorized File Access. The package states that it ignores files and directories with names that start with an underscore, such as _secret-folder
. If the underscore character is URL encoded the server delivers the file.
Upgrade to version 0.40.2
or later.