PT-2022-21949 · Npm+4 · Got+4

Published

2022-06-18

·

Updated

2026-06-04

·

CVE-2022-33987

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions got package versions prior to 12.1.0 got package versions prior to 11.8.5
Description The issue allows a redirect to a UNIX socket. This is related to the got package for Node.js.
Recommendations For versions prior to 12.1.0, update to version 12.1.0 or later. For versions prior to 11.8.5, update to version 11.8.5 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALSA-2022:6448
ALSA-2022:6595
CESA-2022_6448
CESA-2022_6449
CLEANSTART-2026-AD27625
CLEANSTART-2026-TZ34913
CVE-2022-33987
GHSA-PFRX-2Q88-QQ97
RHSA-2022:6389
RHSA-2022:6448
RHSA-2022:6449
RHSA-2022:6595
RHSA-2022:6985
RHSA-2022_6448
RHSA-2022_6449
RHSA-2022_6595
RLSA-2022:6448
RLSA-2022:6449
RLSA-2022:6595

Affected Products

Almalinux
Centos
Red Hat
Rocky Linux
Got