Unauthorized File Access in harp
Moderate severity
GitHub Reviewed
Published Jun 13, 2019 to the GitHub Advisory Database • Updated Sep 7, 2023
Reviewed Jun 13, 2019

Description
Affected versions of harp are vulnerable to Unauthorized File Access. The package states that it ignores files and directories with names that start with an underscore, such as _secret-folder. If the underscore character is URL encoded the server delivers the file.

Recommendation

Upgrade to version 0.40.2 or later.
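
The class of bug in the description above, as an added example that is not harp's source code: an underscore check applied to the raw request path next to one applied after percent-decoding. The function names and sample paths are hypothetical and constructed for illustration.

```javascript
// Added illustration of the bug class; not taken from harp.

// Flawed pattern: tests the raw request path, so "%5Fsecret-folder"
// is never recognised as an underscore-prefixed name.
function isIgnoredRaw(rawUrlPath) {
  return rawUrlPath.split('/').some((seg) => seg.startsWith('_'));
}

// Hardened pattern: percent-decode each segment first, then test the
// decoded name, which is the name the filesystem lookup will use.
function isIgnoredDecoded(rawUrlPath) {
  return rawUrlPath.split('/').some((seg) => {
    let name;
    try {
      name = decodeURIComponent(seg);
    } catch (e) {
      return true; // malformed escape: refuse rather than guess
    }
    // A decoded segment may itself contain a separator (%2F or %5C),
    // hiding a further underscore-prefixed name behind it.
    return name.split(/[\\/]/).some((part) => part.startsWith('_'));
  });
}

// Constructed sample request paths.
const samples = [
  '/index.html',
  '/_secret-folder/key.txt',
  '/%5Fsecret-folder/key.txt',
  '/public/%5fdraft.md',
  '/a%2F_b/c',
  '/bad%zz',
];

// Returns one row per path showing how each check classifies it.
function classify(paths) {
  return paths.map((p) => ({
    path: p,
    raw: isIgnoredRaw(p),
    decoded: isIgnoredDecoded(p),
  }));
}

console.table(classify(samples));
```

Rows where `raw` is false and `decoded` is true are the requests a raw-path check would serve despite the underscore rule.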