Описание
sweetalert2 v9.17.4 and above contains hidden functionality
sweetalert2 versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3.
Workaround
Users who are unable to update to the fixed version (11.22.4) can use package versions 9.0.0-9.17.3, as they do not contain the hidden functionality.
Пакеты
Наименование
sweetalert2
npm
Затронутые версииВерсия исправления
>= 9.17.4, < 10.0.0
11.22.4
Дефекты
CWE-912
Дефекты
CWE-912