Skip to content

sweetalert2 v11.4.9 and above contains hidden functionality

Low severity GitHub Reviewed Published Nov 23, 2022 to the GitHub Advisory Database • Updated Jul 10, 2023

Package

npm sweetalert2 (npm)

Affected versions

>= 11.4.9, < 11.6.14

Patched versions

None

Description

sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8.

Workaround

Use a version 11.0.0 - 11.4.8 of the package until the maintainer releases a fix.

References

Published to the GitHub Advisory Database Nov 23, 2022
Reviewed Nov 23, 2022
Last updated Jul 10, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-qq6h-5g6j-q3cm

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.