CVE-2022-33987 in got Package
Summary
by MITRE • 06/19/2022
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 11/23/2025
The vulnerability identified as CVE-2022-33987 affects the got package version 12.1.0 and earlier in Node.js environments, representing a significant security flaw that enables malicious redirection to UNIX domain sockets. This issue stems from insufficient validation of redirect targets within the HTTP client implementation, creating a potential attack vector where an adversary could manipulate the redirection process to direct requests to local UNIX sockets instead of intended remote endpoints. The vulnerability exists in the package's handling of HTTP redirects, specifically when the redirect location contains a UNIX socket path rather than a standard HTTP or HTTPS URL. This flaw allows attackers to potentially access local system resources, bypass network restrictions, and execute unauthorized operations through the redirected connection to UNIX sockets.
The technical implementation of this vulnerability resides in the package's redirect processing logic where it fails to properly validate the scheme and target of redirect locations. When a HTTP response includes a redirect header pointing to a UNIX socket path, the got package accepts this without proper validation, treating it as a valid target for the subsequent request. This behavior violates fundamental security principles of input validation and proper URL scheme checking, creating a path traversal-like condition where local system resources become accessible through network requests. The vulnerability is particularly concerning because UNIX sockets often provide privileged access to system services and can be used to bypass standard network security controls. This issue falls under CWE-20, which describes improper input validation, and specifically relates to CWE-22, which addresses path traversal vulnerabilities. The flaw enables attackers to potentially access system files, execute commands, or gain unauthorized access to services that are normally restricted from network access.
The operational impact of this vulnerability extends beyond simple information disclosure to potentially enable privilege escalation and lateral movement within affected systems. Attackers could exploit this vulnerability to redirect requests to UNIX sockets that provide access to critical system services, databases, or administrative interfaces that are normally only accessible locally. This creates a scenario where network-based attacks can leverage local system resources to achieve unauthorized access to sensitive data or system functionality. The vulnerability is particularly dangerous in containerized environments or systems where UNIX socket access is not properly restricted, as it could allow attackers to bypass container isolation and access host-level services. From an ATT&CK framework perspective, this vulnerability maps to techniques such as T1071.004 for application layer protocol usage and T1068 for local privilege escalation, as the flaw enables attackers to leverage local system resources through network-based attack vectors.
Mitigation strategies for CVE-2022-33987 focus primarily on updating to version 12.1.0 or later of the got package, which includes proper validation of redirect targets to prevent redirection to UNIX socket paths. Organizations should immediately upgrade their Node.js applications that utilize the got package to ensure they are running patched versions that properly validate redirect locations. Additional defensive measures include implementing network segmentation to restrict access to UNIX sockets, monitoring for unusual redirect patterns in application logs, and configuring proper input validation at the application level. Security teams should also consider implementing network-level controls to prevent outbound connections to UNIX socket paths and establish proper access controls for system resources. The vulnerability demonstrates the critical importance of input validation in network libraries and the potential for seemingly minor flaws to create significant security risks in modern application environments. Regular security audits and dependency management practices should include verification of package versions and their security posture to prevent exploitation of similar vulnerabilities in the future.