Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/sweetalert2@11.0.7
Typenpm
Namespace
Namesweetalert2
Version11.0.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version11.22.4
Latest_non_vulnerable_version11.22.4
Affected_by_vulnerabilities
0
url VCID-2m95-znw7-z3dp
vulnerability_id VCID-2m95-znw7-z3dp
summary 
sweetalert2 v10.16.10 and above contains hidden functionality
`sweetalert2` versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9.

### Workaround
Use a version 10.0.0 - 10.16.9 of the package until the maintainer releases a fix.
references
0
reference_url https://github.com/sweetalert2/sweetalert2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sweetalert2/sweetalert2
1
reference_url https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
2
reference_url https://www.npmjs.com/package/sweetalert2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/sweetalert2
3
reference_url https://github.com/advisories/GHSA-457r-cqc8-9vj9
reference_id GHSA-457r-cqc8-9vj9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-457r-cqc8-9vj9
fixed_packages
0
url pkg:npm/sweetalert2@11.22.4
purl pkg:npm/sweetalert2@11.22.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4
aliases GHSA-457r-cqc8-9vj9, GMS-2022-7150
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m95-znw7-z3dp
1
url VCID-e11n-n7xy-afg7
vulnerability_id VCID-e11n-n7xy-afg7
summary 
sweetalert2 v9.17.4 and above contains hidden functionality
`sweetalert2` versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3.

### Workaround
Users who are unable to update to the fixed version (11.22.4) can use package versions 9.0.0-9.17.3, as they do not contain the hidden functionality.
references
0
reference_url https://github.com/sweetalert2/sweetalert2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sweetalert2/sweetalert2
1
reference_url https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
2
reference_url https://www.npmjs.com/package/sweetalert2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/sweetalert2
3
reference_url https://github.com/advisories/GHSA-pg98-6v7f-2xfv
reference_id GHSA-pg98-6v7f-2xfv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pg98-6v7f-2xfv
fixed_packages
0
url pkg:npm/sweetalert2@11.22.4
purl pkg:npm/sweetalert2@11.22.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4
aliases GHSA-pg98-6v7f-2xfv, GMS-2022-7152
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e11n-n7xy-afg7
2
url VCID-vreg-t4ry-effe
vulnerability_id VCID-vreg-t4ry-effe
summary 
sweetalert2 v8.19.1 and above contains hidden functionality
`sweetalert2` versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1.

### Workaround
Users who are unable to update to the fixed version (11.22.4) can use package versions 8.19.0 and below, as they do not contain the hidden functionality.
references
0
reference_url https://github.com/sweetalert2/sweetalert2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sweetalert2/sweetalert2
1
reference_url https://github.com/sweetalert2/sweetalert2/releases/tag/v11.22.4
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sweetalert2/sweetalert2/releases/tag/v11.22.4
2
reference_url https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
3
reference_url https://www.npmjs.com/package/sweetalert2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/sweetalert2
4
reference_url https://github.com/advisories/GHSA-8jh9-wqpf-q52c
reference_id GHSA-8jh9-wqpf-q52c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jh9-wqpf-q52c
fixed_packages
0
url pkg:npm/sweetalert2@11.22.4
purl pkg:npm/sweetalert2@11.22.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4
aliases GHSA-8jh9-wqpf-q52c, GMS-2022-7151
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vreg-t4ry-effe
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.0.7