CVE-2019-5437 Information

Description

Information exposure through the directory listing in npm’s harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are = 0.29.0 and no fix was applied to our knowledge.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://hackerone.com/reports/453820

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3