CVE-2022-33987

Name
CVE-2022-33987
Description
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/sindresorhus/got/pull/2047
MISC https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
MISC https://github.com/sindresorhus/got/releases/tag/v11.8.5

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:got_project:got:*:*:*:*:*:node.js:*:* got >= None < 11.8.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
got 3.19-community 0.94-r0 omni <omni+alpine@hack.org> possibly vulnerable
got 3.20-community 0.99-r0 omni <omni+alpine@hack.org> possibly vulnerable
got edge-community 0.100-r0 omni <omni+alpine@hack.org> possibly vulnerable