Skip to content

sweetalert2 v11.4.9 and above contains hidden functionality

Low severity GitHub Reviewed Published Nov 23, 2022 to the GitHub Advisory Database • Updated Jul 10, 2023

Package

npm sweetalert2 (npm)

Affected versions

>= 11.4.9, < 11.6.14

Patched versions

None

Description

sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8.

Workaround

Use a version 11.0.0 - 11.4.8 of the package until the maintainer releases a fix.

References

Published to the GitHub Advisory Database Nov 23, 2022
Reviewed Nov 23, 2022
Last updated Jul 10, 2023

Severity

Low

EPSS score

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-qq6h-5g6j-q3cm

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.