Vulnerability Details CVE-2022-33987
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
- https://github.com/sindresorhus/got/pull/2047
- https://github.com/sindresorhus/got/releases/tag/v11.8.5
- https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
- https://github.com/sindresorhus/got/pull/2047
- https://github.com/sindresorhus/got/releases/tag/v11.8.5
Products affected by CVE-2022-33987
-
cpe:2.3:a:got_project:got:*