Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV

sweetalert2 v8.19.1 and above contains hidden functionality

sweetalert2 versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1.

Workaround

Use a version < 8.19.1 of the package until the maintainer releases a fix.

Permalink: https://github.com/advisories/GHSA-8jh9-wqpf-q52c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: over 1 year ago


Identifiers: GHSA-8jh9-wqpf-q52c
References: Repository: https://github.com/sweetalert2/sweetalert2
Blast Radius: 0.0

Affected Packages

npm:sweetalert2
Dependent packages: 1,129
Dependent repositories: 76,801
Downloads: 2,501,092 last month
Affected Version Ranges: >= 8.19.1, < 9.0.0
No known fixed version
All affected versions: 8.19.1