CVE-2022-33987

Vulnerable Component Details
Type Namespace Name Version Package URL
npm None got 9.6.0 pkg:npm/got@9.6.0
Vulnerability Details
ID CVE-2022-33987
Description The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Recommendation . || State: fixed | Fix Versions: 11.8.5. || Upgrade to versions 11.8.5, 12.1.0 or above.
Ratings
Severity Score Method Vector Source
5.0 CVSSv2 AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 CVSSv3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Related Vulnerabilities
Found By Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index
References / Advisories
Weakness Enumeration