Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
sweetalert2 versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3.
Workaround
Use a version 9.0.0 - 9.17.3 of the package until the maintainer releases a fix.
Permalink: https://github.com/advisories/GHSA-pg98-6v7f-2xfvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-pg98-6v7f-2xfv
References:
- https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
- https://www.npmjs.com/package/sweetalert2
- https://github.com/advisories/GHSA-pg98-6v7f-2xfv
Blast Radius: 0.0
Affected Packages
npm:sweetalert2
Dependent packages: 1,129Dependent repositories: 76,801
Downloads: 2,435,206 last month
Affected Version Ranges: >= 9.17.4, < 10.0.0
No known fixed version
All affected versions: 9.17.4