harp@0.12.0 vulnerabilities

Static Web Server/Generator/Bundler

Direct Vulnerabilities

Known vulnerabilities in the harp package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Unauthorised File Access

harp is a zero-configuration web server with built in pre-processing.

Affected versions of this package are vulnerable to Unauthorised File Access. An attacker can access unauthorised files through a symlink served to the system.

How to fix Unauthorised File Access?

Upgrade harp to version 0.40.2 or higher.

<0.40.2
  • H
Unauthorized File Access

harp is a zero-configuration web server with built in pre-processing.

Affected versions of this package are vulnerable to Unauthorized File Access. An attacker can access sensitive files on the server when a symlink in the project's base directory points to a file outside of the directory.

How to fix Unauthorized File Access?

Upgrade harp to version 0.40.3 or higher.

<0.40.3
  • M
Information Exposure

harp is a zero-configuration web server with built in pre-processing.

Affected versions of this package are vulnerable to Information Exposure. The documentation explicitly mentions that files or directories with names that start with an underscore are ignored by the server and are not served to the end user. By using simple URL encoding this verification is bypassed and files or directories that should be ignored are accessible.

How to fix Information Exposure?

Upgrade harp to version 0.40.2 or higher.

<0.40.2