CVE-2019-5437: Information Exposure Through Directory Listing

May 10, 2019 (updated October 9, 2019)

Information exposure through the directory listing in npm’s harp module allows to access files that are supposed to be ignored according to the harp server rules.

References

hackerone.com/reports/453820
nvd.nist.gov/vuln/detail/CVE-2019-5437

Detect and mitigate CVE-2019-5437 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →