CVE-2022-33987

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-33987
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-33987.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-33987
Aliases
Downstream
Related
Published
2022-06-18T20:51:12Z
Modified
2026-06-18T03:54:41.228368028Z
Summary
[none]
Details

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.

Database specific 
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/33xxx/CVE-2022-33987.json"
}
References

Affected packages

Git / github.com/sindresorhus/got

Affected ranges

Type
GIT
Repo
https://github.com/sindresorhus/got
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ad92afa2eb8d51d46f98491c5ac58b9071fdd67e
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "11.8.5"
        }
    ],
    "source": [
        "DESCRIPTION",
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:got_project:got:*:*:*:*:*:node.js:*:*"
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v1.*
v1.0.0
v1.0.1
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v10.*
v10.0.0
v10.0.0-alpha.1
v10.0.0-alpha.2
v10.0.0-alpha.3
v10.0.0-beta.1
v10.0.0-beta.2
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.1.0
v10.2.0
v10.2.1
v10.2.2
v10.3.0
v10.4.0
v10.5.0
v10.5.1
v10.5.2
v10.5.3
v10.5.4
v10.5.5
v10.5.6
v10.5.7
v10.6.0
v10.7.0
v11.*
v11.0.0
v11.0.0-beta.1
v11.0.1
v11.0.2
v11.0.3
v11.1.0
v11.1.1
v11.1.2
v11.1.3
v11.1.4
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.2
v11.6.0
v11.6.1
v11.6.2
v11.7.0
v11.8.0
v12.*
v12.0.0
v12.0.0-beta.1
v12.0.0-beta.2
v12.0.0-beta.3
v12.0.0-beta.4
v12.0.1
v12.0.2
v12.0.3
v12.0.4
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.9.0
v2.9.1
v2.9.2
v3.*
v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.3.1
v4.*
v4.0.0
v4.1.0
v4.1.1
v4.2.0
v5.*
v5.0.0
v5.1.0
v5.2.0
v5.2.1
v5.3.0
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.1.0
v6.1.1
v6.1.2
v6.2.0
v6.3.0
v6.5.0
v6.6.0
v6.6.1
v6.6.2
v6.6.3
v6.7.0
v6.7.1
v7.*
v7.1.0
v8.*
v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.1.0
v8.2.0
v8.3.0
v8.3.1
v9.*
v9.0.0
v9.1.0
v9.2.0
v9.2.1
v9.2.2
v9.3.0
v9.3.1
v9.3.2
v9.4.0
v9.5.0
v9.5.1
v9.6.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-33987.json"