Skip to content

sweetalert2 v10.16.10 and above contains hidden functionality

Low severity GitHub Reviewed Published Nov 23, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

npm sweetalert2 (npm)

Affected versions

>= 10.16.10, < 11.0.0

Patched versions

None

Description

sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9.

Workaround

Use a version 10.0.0 - 10.16.9 of the package until the maintainer releases a fix.

References

Published to the GitHub Advisory Database Nov 23, 2022
Reviewed Nov 23, 2022
Last updated Jan 11, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-457r-cqc8-9vj9
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.