Directory Listing Information Exposure in npm's Harp Module

Directory Listing Information Exposure in npm's Harp Module

CVE-2019-5437 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.

Learn more about our Cis Benchmark Audit For Server Software.