GHSA-457r-cqc8-9vj9

Suggest an improvement
Source
https://github.com/advisories/GHSA-457r-cqc8-9vj9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-457r-cqc8-9vj9/GHSA-457r-cqc8-9vj9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-457r-cqc8-9vj9
Published
2022-11-23T15:39:50Z
Modified
2022-11-23T15:39:50Z
Summary
sweetalert2 v10.16.10 and above contains hidden functionality
Details

sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9.

Workaround

Use a version 10.0.0 - 10.16.9 of the package until the maintainer releases a fix.

Database specific 
{
    "nvd_published_at": null,
    "severity": "LOW",
    "github_reviewed_at": "2022-11-23T15:39:50Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-912"
    ]
}
References

Affected packages

npm / sweetalert2

Package

Name
sweetalert2
View open source insights on deps.dev
Purl
pkg:npm/sweetalert2

Affected ranges

Type
SEMVER
Events
Introduced
10.16.10

Database specific 

{
    "last_known_affected_version_range": "< 11.0.0"
}