Vulnerability Database
Blog
FAQ
Docs
GHSA-pfrx-2q88-qq97
Source
https://github.com/advisories/GHSA-pfrx-2q88-qq97
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-pfrx-2q88-qq97/GHSA-pfrx-2q88-qq97.json
Aliases
CVE-2022-33987
Published
2022-06-19T00:00:21Z
Modified
2023-11-08T04:09:41.125694Z
Details
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-33987
https://github.com/sindresorhus/got/pull/2047
https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc
https://github.com/sindresorhus/got
https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
https://github.com/sindresorhus/got/releases/tag/v11.8.5
https://github.com/sindresorhus/got/releases/tag/v12.1.0
Affected packages
npm
/
got
Package
Name
got
Affected ranges
Type
SEMVER
Events
Introduced
12.0.0
Fixed
12.1.0
npm
/
got
Package
Name
got
Affected ranges
Type
SEMVER
Events
Introduced
0
The exact introduced commit is unknown
Fixed
11.8.5
GHSA-pfrx-2q88-qq97 - OSV