Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package. This behavior is not included in versions 11.0.0 - 11.4.8.
Workaround
Use a version of the package in the range 11.0.0 - 11.4.8 until the maintainer releases a fix.
Permalink: https://github.com/advisories/GHSA-qq6h-5g6j-q3cm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: 9 months ago
Identifiers: GHSA-qq6h-5g6j-q3cm
References:
- https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
- https://www.npmjs.com/package/sweetalert2
- https://github.com/advisories/GHSA-qq6h-5g6j-q3cm
Blast Radius: 0.0
Affected Packages
npm:sweetalert2
Dependent packages: 1,129
Dependent repositories: 76,801
Downloads: 2,293,985 last month
Affected Version Ranges: >= 11.4.9, < 11.6.14
No known fixed version
All affected versions: 11.4.9, 11.4.10, 11.4.11, 11.4.12, 11.4.13, 11.4.14, 11.4.15, 11.4.16, 11.4.17, 11.4.18, 11.4.19, 11.4.20, 11.4.21, 11.4.22, 11.4.23, 11.4.24, 11.4.25, 11.4.26, 11.4.27, 11.4.28, 11.4.29, 11.4.30, 11.4.31, 11.4.32, 11.4.33, 11.4.34, 11.4.35, 11.4.36, 11.4.37, 11.4.38, 11.5.0, 11.5.1, 11.5.2, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.4, 11.6.5, 11.6.6, 11.6.7, 11.6.8, 11.6.9, 11.6.10, 11.6.11, 11.6.12, 11.6.13