Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Got allows a redirect to a UNIX socket #105

Open
1 of 4 tasks
TheKingTermux opened this issue Aug 15, 2022 · 6 comments
Open
1 of 4 tasks

Got allows a redirect to a UNIX socket #105

TheKingTermux opened this issue Aug 15, 2022 · 6 comments
Labels
Auto Create Issues Label for Auto Created Issues do-not-autoclose Make bot can't close an Issues or PRs Moderate This label for Security Severity only Security Label for Security Issues
Milestone
Alice 1.0.6

Comments

@TheKingTermux
Copy link
Owner

Description

The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.

Severity Check

  • Low
  • Moderate
  • High
  • Critical

Severity Number

5.8

CVSS base metrics

  • Attack vector
    Network

  • Attack complexity
    Low

  • Privileges required
    None

  • User interaction
    None

  • Scope
    Unchanged

  • Confidentiality
    None

  • Integrity
    Low

  • Availability
    None

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

  • Weaknesses
    No CWEs

  • CVE ID
    CVE-2022-33987

  • GHSA ID
    GHSA-pfrx-2q88-qq97

Information

  • Package
    got (npm)

  • Affected versions

= 12.0.0, < 12.1.0
< 11.8.5

  • Patched versions
    12.1.0
    11.8.5

References
@TheKingTermux TheKingTermux added Security Label for Security Issues Auto Create Issues Label for Auto Created Issues labels Aug 15, 2022
@TheKingTermux TheKingTermux added this to the Alice 1.0.6 milestone Sep 21, 2022
@github-actions
Copy link

Stale issue message

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 21, 2022
@TheKingTermux
Copy link
Owner Author

P

@github-actions github-actions bot removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 22, 2022
@TheKingTermux TheKingTermux added the do-not-autoclose Make bot can't close an Issues or PRs label Jan 5, 2023
@github-actions
Copy link

github-actions bot commented Mar 6, 2023

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Mar 6, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 14, 2023
@TheKingTermux TheKingTermux reopened this Mar 14, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Mar 14, 2023
@TheKingTermux TheKingTermux added the Moderate This label for Security Severity only label May 9, 2023
@github-actions
Copy link

github-actions bot commented Jul 9, 2023

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Jul 9, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 17, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Jul 17, 2023
@TheKingTermux TheKingTermux reopened this Jul 17, 2023
@github-actions
Copy link

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Sep 16, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 23, 2023
@TheKingTermux TheKingTermux reopened this Sep 25, 2023
@github-actions github-actions bot removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Sep 25, 2023
@github-actions GitHub Actions
Copy link

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 25, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Auto Create Issues Label for Auto Created Issues do-not-autoclose Make bot can't close an Issues or PRs Moderate This label for Security Severity only Security Label for Security Issues
Projects
None yet
Milestone
Alice 1.0.6
Development

No branches or pull requests
1 participant
@TheKingTermux