Bug
Resolution: Not a Bug
Security Tracking Issue
Do not make this issue public.
Impact: Moderate
Reported Date: 28-Jun-2022
Resolve Bug By: 25-Dec-2022
In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug.
Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9RBqB
Flaw:
CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets
https://bugzilla.redhat.com/show_bug.cgi?id=2102001
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
https://github.com/sindresorhus/got/pull/2047
https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
https://github.com/sindresorhus/got/releases/tag/v11.8.5