GHSA-457r-cqc8-9vj9

Опубликовано: 23 нояб. 2022

Источник: github

Github: Прошло ревью

Описание

sweetalert2 v10.16.10 and above contains hidden functionality

sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9.

Workaround

Use a version 10.0.0 - 10.16.9 of the package until the maintainer releases a fix.

Ссылки

https://github.com/sweetalert2/sweetalert2
https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
https://www.npmjs.com/package/sweetalert2

Пакеты

Наименование

sweetalert2

npm

Затронутые версииВерсия исправления

>= 10.16.10, < 11.0.0

11.22.4

Дефекты

CWE-912

Дефекты

CWE-912