GHSA-qq6h-5g6j-q3cm

Source

https://github.com/advisories/GHSA-qq6h-5g6j-q3cm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-qq6h-5g6j-q3cm/GHSA-qq6h-5g6j-q3cm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qq6h-5g6j-q3cm

Published

2022-11-23T15:26:43Z

Modified

2025-08-25T17:23:08Z

Summary

sweetalert2 v11.4.9 and above contains hidden functionality

Details

sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8.

Workaround

Use a version 11.0.0 - 11.4.8 of the package until the maintainer releases a fix.

Database specific

{
    "nvd_published_at": null,
    "severity": "LOW",
    "github_reviewed_at": "2022-11-23T15:26:43Z",
    "cwe_ids": [
        "CWE-912"
    ],
    "github_reviewed": true
}

References

Affected packages

npm / sweetalert2

Package

Name: sweetalert2; View open source insights on deps.dev
Purl: pkg:npm/sweetalert2

Affected ranges

Type: SEMVER
Events: Introduced

11.4.9

Fixed

11.22.4

Database specific

last_known_affected_version_range

"< 11.6.14"