Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
sweetalert2 v10.16.10 and above contains hidden functionality
sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9.
Workaround
Use a version 10.0.0 - 10.16.9 of the package until the maintainer releases a fix.
Permalink: https://github.com/advisories/GHSA-457r-cqc8-9vj9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-457r-cqc8-9vj9
References:
- https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
- https://www.npmjs.com/package/sweetalert2
- https://github.com/advisories/GHSA-457r-cqc8-9vj9
Blast Radius: 0.0
Affected Packages
npm:sweetalert2
Dependent packages: 1,129Dependent repositories: 76,801
Downloads: 2,449,766 last month
Affected Version Ranges: >= 10.16.10, < 11.0.0
No known fixed version
All affected versions: 10.16.10, 10.16.11