Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
sweetalert2 v11.6.14 and above contains potentially undesirable behavior
sweetalert2 versions 11.6.14 and above have potentially undesirable behavior. The package outputs audio and/or video messages that do not pertain to the functionality of the package when run on specific tlds. This functionality is documented on the project's readme
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 10 months ago
Updated: 6 months ago
Identifiers: GHSA-mrr8-v49w-3333
References:
- https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
- https://www.npmjs.com/package/sweetalert2
- https://github.com/sweetalert2/sweetalert2/tree/6d02e1095e5d9db1dfa7f0708df6fa13a1b32be3#important-notice-about-usage-of-this-software-for-ru-su-and-%D1%80%D1%84-domain-zones
- https://github.com/advisories/GHSA-mrr8-v49w-3333
Blast Radius: 0.0
Affected Packages
npm:sweetalert2
Dependent packages: 1,129Dependent repositories: 76,801
Downloads: 2,446,617 last month
Affected Version Ranges: >= 11.6.14
No known fixed version
All affected versions: 11.6.14, 11.6.15, 11.6.16, 11.7.0, 11.7.1, 11.7.2, 11.7.3, 11.7.4, 11.7.5, 11.7.6, 11.7.7, 11.7.8, 11.7.9, 11.7.10, 11.7.11, 11.7.12, 11.7.13, 11.7.14, 11.7.15, 11.7.16, 11.7.17, 11.7.18, 11.7.19, 11.7.20, 11.7.21, 11.7.22, 11.7.23, 11.7.24, 11.7.25, 11.7.26, 11.7.27, 11.7.28, 11.7.29, 11.7.30, 11.7.31, 11.7.32, 11.8.0, 11.9.0, 11.9.1, 11.10.0, 11.10.1, 11.10.2, 11.10.3, 11.10.4, 11.10.5, 11.10.6, 11.10.7, 11.10.8