GHSA-qq6h-5g6j-q3cm

Suggest an improvement
Source
https://github.com/advisories/GHSA-qq6h-5g6j-q3cm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-qq6h-5g6j-q3cm/GHSA-qq6h-5g6j-q3cm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qq6h-5g6j-q3cm
Published
2022-11-23T15:26:43Z
Modified
2022-11-23T15:33:20Z
Summary
sweetalert2 v11.4.9 and above contains hidden functionality
Details

sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8.

Workaround

Use a version 11.0.0 - 11.4.8 of the package until the maintainer releases a fix.

Database specific 
{
    "nvd_published_at": null,
    "github_reviewed_at": "2022-11-23T15:26:43Z",
    "github_reviewed": true,
    "severity": "LOW",
    "cwe_ids": [
        "CWE-912"
    ]
}
References

Affected packages

npm / sweetalert2

Package

Name
sweetalert2
View open source insights on deps.dev
Purl
pkg:npm/sweetalert2

Affected ranges

Type
SEMVER
Events
Introduced
11.4.9

Database specific 

{
    "last_known_affected_version_range": "< 11.6.14"
}