Skip to content

sweetalert2 v9.17.4 and above contains hidden functionality

Low severity GitHub Reviewed Published Nov 23, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

npm sweetalert2 (npm)

Affected versions

>= 9.17.4, < 10.0.0

Patched versions

None

Description

sweetalert2 versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3.

Workaround

Use a version 9.0.0 - 9.17.3 of the package until the maintainer releases a fix.

References

Published to the GitHub Advisory Database Nov 23, 2022
Reviewed Nov 23, 2022
Last updated Jan 11, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-pg98-6v7f-2xfv
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.