Information disclosure in Harp - CVE-2019-5437

 


Published: May 13, 2019


Vulnerability identifier: #VU18436
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5437
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: npm Inc.
Affected software: Harp

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the server's rule of ignoring any files or directories whose names begin with an underscore can be bypassed by URL-encoding the name of the forbidden file or directory. A remote attacker can gain unauthorized access to sensitive information on the system.
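The following is an added example, not Harp's source code and not part of the original advisory. It assumes the bypass comes from applying the underscore rule to the raw request path while the file lookup uses the decoded path; the function names and sample paths are hypothetical.

```javascript
// Added illustration; not Harp's code. All names here are hypothetical.

// Flawed ordering: the underscore rule is tested against the raw request
// path, but the later file lookup works on the percent-decoded path.
function naiveIsIgnored(rawPath) {
  return rawPath.split('/').some((seg) => seg.startsWith('_'));
}

// Hardened ordering: decode once, apply the rule to the decoded string,
// and return that same string so the lookup uses exactly what was checked.
// Returns null when the request must be refused.
function resolvePublicPath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (err) {
    return null; // malformed percent-encoding: fail closed
  }
  // Split on both separators so a backslash cannot hide a segment boundary.
  const segments = decoded.split(/[\\/]/);
  if (segments.some((seg) => seg.startsWith('_'))) {
    return null; // underscore-prefixed file or directory stays private
  }
  return decoded;
}

// Constructed sample requests, for demonstration only.
const samples = [
  '/index.html',
  '/_private/notes.txt',
  '/%5Fprivate/notes.txt', // %5F is the percent-encoding of "_"
  '/docs/%5fdraft.md',
  '/bad%zz',
];

for (const p of samples) {
  const naive = naiveIsIgnored(p) ? 'blocked' : 'served';
  const hardened = resolvePublicPath(p) === null ? 'blocked' : 'served';
  console.log(`${p}  naive=${naive}  hardened=${hardened}`);
}
```

The same ordering rule applies to any path-based access control: canonicalize first, then authorize, then use the canonical value for the lookup.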


How to mitigate CVE-2019-5437

Install updates from the vendor's website.
