Medium severity5.3NVD Advisory· Published Jun 18, 2022· Updated Jun 17, 2026
CVE-2022-33987
CVE-2022-33987
Description
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gotnpm | >= 12.0.0, < 12.1.0 | 12.1.0 |
gotnpm | < 11.8.5 | 11.8.5 |
Affected products
19- got/gotdescription
- osv-coords18 versionspkg:apk/chainguard/nodejs-14pkg:apk/chainguard/pgadmin4pkg:apk/chainguard/pgadmin4-oci-entrypointpkg:apk/chainguard/pgadmin4-pg12pkg:apk/chainguard/pgadmin4-pg13pkg:apk/chainguard/pgadmin4-pg14pkg:apk/chainguard/pgadmin4-pg15pkg:apk/chainguard/pgadmin4-pg16pkg:apk/chainguard/pgadmin4-pg17pkg:npm/gotpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-libspkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/npm
< 14.21.3-r1+ 17 more
- (no CPE)range: < 14.21.3-r1
- (no CPE)range: < 9.1-r1
- (no CPE)range: < 9.1-r1
- (no CPE)range: < 9.1-r1
- (no CPE)range: < 9.1-r1
- (no CPE)range: < 9.1-r1
- (no CPE)range: < 9.1-r1
- (no CPE)range: < 9.1-r1
- (no CPE)range: < 9.1-r1
- (no CPE)range: >= 12.0.0, < 12.1.0
- (no CPE)range: < 1:14.20.0-2.module_el8.6.0+3261+490666b3
- (no CPE)range: < 1:14.20.0-2.module_el8.6.0+3261+490666b3
- (no CPE)range: < 1:14.20.0-2.module_el8.6.0+3261+490666b3
- (no CPE)range: < 1:14.20.0-2.module_el8.6.0+3261+490666b3
- (no CPE)range: < 1:16.16.0-1.el9_0
- (no CPE)range: < 2.0.19-2.module_el8.6.0+3261+490666b3
- (no CPE)range: < 23-3.module_el8.5.0+2618+8d46dafd
- (no CPE)range: < 1:6.14.17-1.14.20.0.2.module_el8.6.0+3261+490666b3
Patches
Vulnerability mechanics
References
7- github.com/sindresorhus/got/compare/v12.0.3...v12.1.0nvdPatchThird Party AdvisoryWEB
- github.com/sindresorhus/got/pull/2047nvdPatchThird Party AdvisoryWEB
- github.com/sindresorhus/got/releases/tag/v11.8.5nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-pfrx-2q88-qq97ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-33987ghsaADVISORY
- github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dcghsaWEB
- github.com/sindresorhus/got/releases/tag/v12.1.0ghsaWEB
News mentions
0No linked articles in our index yet.