Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Cross-Site Scripting in harp

Withdrawn

This advisory has been withdrawn per request from the maintainer. Given harp is a static webserver, an XSS type of vulnerability is not appropriate.

Original advisory description

All versions of harp are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, harp does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious files.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Permalink: https://github.com/advisories/GHSA-cx7r-634m-2q2h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4N3ItNjM0bS0ycTJo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago

Withdrawn: over 3 years ago

Identifiers: GHSA-cx7r-634m-2q2h
References:
Blast Radius: 0.0

Affected Packages

npm:harp
Dependent packages: 82
Dependent repositories: 1,109
Downloads: 1,477 last month
Affected Version Ranges: >= 0
No known fixed version
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.13.0, 0.14.0, 0.15.0, 0.15.1, 0.15.2, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.24.1, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.28.1, 0.29.0, 0.30.0, 0.30.1, 0.31.0, 0.32.0, 0.33.0, 0.34.0, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.41.0, 0.41.2, 0.42.0, 0.43.0, 0.44.0, 0.45.0, 0.46.0, 0.46.1