The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Node.js
Information Disclosure
Got
NVD
GitHub
CVSS 3.1
5.3
EPSS
1.9%