Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4N3ItNjM0bS0ycTJo
Cross-Site Scripting in harp
Withdrawn
This advisory has been withdrawn per request from the maintainer. Given harp is a static webserver, an XSS type of vulnerability is not appropriate.
Original advisory description
All versions of harp are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, harp does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious files.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
Permalink: https://github.com/advisories/GHSA-cx7r-634m-2q2h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4N3ItNjM0bS0ycTJo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago
Withdrawn: over 3 years ago
Identifiers: GHSA-cx7r-634m-2q2h
References:
- https://hackerone.com/reports/453795
- https://www.npmjs.com/advisories/806
- https://github.com/advisories/GHSA-cx7r-634m-2q2h
Affected Packages
npm:harp
Dependent packages: 82
Dependent repositories: 1,109
Downloads: 1,477 last month
Affected Version Ranges: >= 0
No known fixed version
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.13.0, 0.14.0, 0.15.0, 0.15.1, 0.15.2, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.24.1, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.28.1, 0.29.0, 0.30.0, 0.30.1, 0.31.0, 0.32.0, 0.33.0, 0.34.0, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.41.0, 0.41.2, 0.42.0, 0.43.0, 0.44.0, 0.45.0, 0.46.0, 0.46.1