6 matches found
EUVD-2019-0510
Malware in sbrugna...
GHSA-CX7R-634M-2Q2H Cross-Site Scripting in harp
Withdrawn: This advisory has been withdrawn per request from the maintainer. Given harp is a static webserver, an XSS type of vulnerability is not appropriate. Original advisory description: All versions of harp are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine,...
@gkatsev/grunt-harp (>=0.18.0 <=0.19.0), @mobify/documentation-theme (>=1.11.3 <=2.0.0-preview.2-dev) +20 more potentially affected by CVE-2019-5438 via harp (>=0.11.2 <=0.32.0)
harp NPM version =0.11.2, =0.18.0, =1.11.3, =1.11.3, =0.0.3, =0.0.8, =0.0.1, =0.0.1, =0.0.1-1, =0.0.1, =0.1.0, =0.1.0, =0.2.9 - n-p-m =1.1.0 and more Source cves: CVE-2019-5438 Source advisory: OSV:GHSA-6FMM-47QC-P4M4...
@gkatsev/grunt-harp (>=0.18.0 <=0.19.0), @mobify/documentation-theme (>=1.11.3 <=2.0.0-preview.2-dev) +20 more potentially affected by CVE-2019-5437 via harp (>=0.11.2 <=0.32.0)
harp NPM version =0.11.2, =0.18.0, =1.11.3, =1.11.3, =0.0.3, =0.0.8, =0.0.1, =0.0.1, =0.0.1-1, =0.0.1, =0.1.0, =0.1.0, =0.2.9 - n-p-m =1.1.0 and more Source cves: CVE-2019-5437 Source advisory: OSV:GHSA-46HV-7769-J7RX...
@gkatsev/grunt-harp (>=0.18.0 <=0.19.0), @mobify/documentation-theme (>=1.11.3 <=2.0.0-preview.2-dev) +20 more potentially affected by CVE-2019-5437 via harp (>=0.11.2 <=0.32.0)
harp NPM version =0.11.2, =0.18.0, =1.11.3, =1.11.3, =0.0.3, =0.0.8, =0.0.1, =0.0.1, =0.0.1-1, =0.0.1, =0.1.0, =0.1.0, =0.2.9 - n-p-m =1.1.0 and more Source cves: CVE-2019-5437 Source advisory: SNYK:JS-HARP-174149...
Information Exposure
Overview: harp is a zero-configuration web server with built-in pre-processing. Affected versions of this package are vulnerable to Information Exposure. The documentation explicitly mentions that files or directories with names that start with an underscore are ignored by the server and are not...