Description
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Remediation
References
https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
https://github.com/sindresorhus/got/pull/2047
https://github.com/sindresorhus/got/releases/tag/v11.8.5
Related Vulnerabilities
CVE-2022-0122 Vulnerability in npm package node-forge
CVE-2022-36100 Vulnerability in maven package org.xwiki.platform:xwiki-platform-tag-ui
CVE-2018-21268 Vulnerability in npm package traceroute
CVE-2019-10795 Vulnerability in maven package org.webjars.npm:undefsafe
CVE-2018-8032 Vulnerability in maven package org.apache.axis:axis