[Pkg-javascript-devel] Bug#1013264: Bug#1013264: node-got: CVE-2022-33987
Yadd
yadd at debian.org
Wed Jun 29 15:33:09 BST 2022
On 20/06/2022 13:12, Moritz Mühlenhoff wrote:
> Source: node-got
> X-Debbugs-CC: team at security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for node-got.
>
> CVE-2022-33987[0]:
> | The got package before 12.1.0 for Node.js allows a redirect to a UNIX
> | socket.
>
> https://github.com/sindresorhus/got/pull/2047
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-33987
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
>
> Please adjust the affected versions in the BTS as needed.
Hi,
sorry for the delay, fixed in upstream and Bullseye-PU sent
Cheers,
Yadd
More information about the Pkg-javascript-devel
mailing list