CVE-2022-33987
Description
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.807
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.18 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.4.0 | Windows |
| (RHSA-2022:6448) nodejs:14 security and bug fix update nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm | Linux |
| (RHSA-2022:6448) nodejs:14 security and bug fix update nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm | Linux |
| (RHSA-2022:6448) nodejs:14 security and bug fix update nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm | Linux |
| (RHSA-2022:6448) nodejs:14 security and bug fix update nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm | Linux |
| (RHSA-2022:6448) nodejs:14 security and bug fix update nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm | Linux |
| (RHSA-2022:6448) nodejs:14 security and bug fix update nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm | Linux |
| (RHSA-2022:6448) nodejs:14 security and bug fix update npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm | Linux |
| (RHSA-2022:6449) nodejs:16 security and bug fix update nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm | Linux |
| (RHSA-2022:6449) nodejs:16 security and bug fix update nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm | Linux |
| (RHSA-2022:6449) nodejs:16 security and bug fix update nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm | Linux |
| (RHSA-2022:6449) nodejs:16 security and bug fix update nodejs-docs-16.16.0-3.module+el8.6.0+16248+76b0e185.noarch.rpm | Linux |
| (RHSA-2022:6449) nodejs:16 security and bug fix update nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm | Linux |
| (RHSA-2022:6449) nodejs:16 security and bug fix update nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm | Linux |
| (RHSA-2022:6449) nodejs:16 security and bug fix update npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.x86_64.rpm | Linux |
| Nodejs update (ELSA-2022-6448) nodejs-14.20.0-2.module+el8.6.0+20729+8fb6d84e.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2022-6448) nodejs-devel-14.20.0-2.module+el8.6.0+20729+8fb6d84e.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2022-6448) nodejs-docs-14.20.0-2.module+el8.6.0+20729+8fb6d84e.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2022-6448) nodejs-full-i18n-14.20.0-2.module+el8.6.0+20729+8fb6d84e.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2022-6448) nodejs-nodemon-2.0.19-2.module+el8.6.0+20729+8fb6d84e.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2022-6448) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Npm update (ELSA-2022-6448) npm-6.14.17-1.14.20.0.2.module+el8.6.0+20729+8fb6d84e.x86_64.rpm | Linux |
| Nodejs update (ELSA-2022-6449) nodejs-16.16.0-3.module+el8.6.0+20742+4c4c4b80.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2022-6449) nodejs-devel-16.16.0-3.module+el8.6.0+20742+4c4c4b80.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2022-6449) nodejs-docs-16.16.0-3.module+el8.6.0+20742+4c4c4b80.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2022-6449) nodejs-full-i18n-16.16.0-3.module+el8.6.0+20742+4c4c4b80.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2022-6449) nodejs-nodemon-2.0.19-2.module+el8.6.0+20742+4c4c4b80.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2022-6449) nodejs-packaging-25-1.module+el8.5.0+20388+4b61e68d.noarch.rpm | Linux |
| Npm update (ELSA-2022-6449) npm-8.11.0-1.16.16.0.3.module+el8.6.0+20742+4c4c4b80.x86_64.rpm | Linux |
| Nodejs update (ELSA-2022-6595) nodejs-16.16.0-1.el9_0.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2022-6595) nodejs-docs-16.16.0-1.el9_0.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2022-6595) nodejs-full-i18n-16.16.0-1.el9_0.x86_64.rpm | Linux |
| Nodejs-libs update (ELSA-2022-6595) nodejs-libs-16.16.0-1.el9_0.i686.rpm | Linux |
| Nodejs-libs update (ELSA-2022-6595) nodejs-libs-16.16.0-1.el9_0.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2022-6595) nodejs-nodemon-2.0.19-1.el9_0.noarch.rpm | Linux |
| Npm update (ELSA-2022-6595) npm-8.11.0-1.16.16.0.1.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-16.16.0-1.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-debugsource-16.16.0-1.el9_0.i686.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-debugsource-16.16.0-1.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-docs-16.16.0-1.el9_0.noarch.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-full-i18n-16.16.0-1.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-libs-16.16.0-1.el9_0.i686.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-libs-16.16.0-1.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-nodemon-2.0.19-1.el9_0.noarch.rpm | Linux |
| (RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update npm-8.11.0-1.16.16.0.1.el9_0.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234