Skip to content

sweetalert2 v8.19.1 and above contains hidden functionality

Low severity GitHub Reviewed Published Nov 23, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

npm sweetalert2 (npm)

Affected versions

>= 8.19.1, < 9.0.0

Patched versions

None

Description

sweetalert2 versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1.

Workaround

Use a version < 8.19.1 of the package until the maintainer releases a fix.

References

Published to the GitHub Advisory Database Nov 23, 2022
Reviewed Nov 23, 2022
Last updated Jan 11, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-8jh9-wqpf-q52c
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.