Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8.
Workaround
Use a version 11.0.0 - 11.4.8 of the package until the maintainer releases a fix.
Permalink: https://github.com/advisories/GHSA-qq6h-5g6j-q3cmJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 6 months ago
Updated: 5 months ago
Identifiers: GHSA-qq6h-5g6j-q3cm
References:
- https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
- https://www.npmjs.com/package/sweetalert2
- https://github.com/advisories/GHSA-qq6h-5g6j-q3cm
Affected Packages
npm:sweetalert2
Versions: >= 11.4.9No known fixed version