GHSA-pfrx-2q88-qq97
Source: https://github.com/advisories/GHSA-pfrx-2q88-qq97
Import Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-pfrx-2q88-qq97/GHSA-pfrx-2q88-qq97.json
JSON Data: https://api.osv.dev/v1/vulns/GHSA-pfrx-2q88-qq97
Aliases: CVE-2022-33987
Related: CGA-jrmv-cgwg-hvwx
Published: 2022-06-19T00:00:21Z
Modified: 2023-11-01T05:44:48.788606Z
Severity: 5.3 (Medium)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Got allows a redirect to a UNIX socket
Details
The got package for Node.js, in versions before 11.8.5 and in 12.x versions before 12.1.0, allows a redirect to a UNIX socket.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-33987
https://github.com/sindresorhus/got/pull/2047
https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc
https://github.com/sindresorhus/got
https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
https://github.com/sindresorhus/got/releases/tag/v11.8.5
https://github.com/sindresorhus/got/releases/tag/v12.1.0
Affected packages
npm / got
Package
Name: got
Purl: pkg:npm/got
Affected ranges
Type: SEMVER
Events
Introduced: 12.0.0
Fixed: 12.1.0
npm / got
Package
Name: got
Purl: pkg:npm/got
Affected ranges
Type: SEMVER
Events
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 11.8.5