{"url":"http://public2.vulnerablecode.io/api/packages/622463?format=json","purl":"pkg:npm/sweetalert2@11.3.0","type":"npm","namespace":"","name":"sweetalert2","version":"11.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.22.4","latest_non_vulnerable_version":"11.22.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110250?format=json","vulnerability_id":"VCID-2m95-znw7-z3dp","summary":"sweetalert2 v10.16.10 and above contains hidden functionality\n`sweetalert2` versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9.\n\n### Workaround\nUse a version 10.0.0 - 10.16.9 of the package until the maintainer releases a fix.","references":[{"reference_url":"https://github.com/sweetalert2/sweetalert2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sweetalert2/sweetalert2"},{"reference_url":"https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9"},{"reference_url":"https://www.npmjs.com/package/sweetalert2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/sweetalert2"},{"reference_url":"https://github.com/advisories/GHSA-457r-cqc8-9vj9","reference_id":"GHSA-457r-cqc8-9vj9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-457r-cqc8-9vj9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65959?format=json","purl":"pkg:npm/sweetalert2@11.22.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4"}],"aliases":["GHSA-457r-cqc8-9vj9","GMS-2022-7150"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m95-znw7-z3dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110165?format=json","vulnerability_id":"VCID-e11n-n7xy-afg7","summary":"sweetalert2 v9.17.4 and above contains hidden functionality\n`sweetalert2` versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3.\n\n### Workaround\nUsers who are unable to update to the fixed version (11.22.4) can use package versions 9.0.0-9.17.3, as they do not contain the hidden functionality.","references":[{"reference_url":"https://github.com/sweetalert2/sweetalert2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sweetalert2/sweetalert2"},{"reference_url":"https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9"},{"reference_url":"https://www.npmjs.com/package/sweetalert2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/sweetalert2"},{"reference_url":"https://github.com/advisories/GHSA-pg98-6v7f-2xfv","reference_id":"GHSA-pg98-6v7f-2xfv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pg98-6v7f-2xfv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65959?format=json","purl":"pkg:npm/sweetalert2@11.22.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4"}],"aliases":["GHSA-pg98-6v7f-2xfv","GMS-2022-7152"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e11n-n7xy-afg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110226?format=json","vulnerability_id":"VCID-vreg-t4ry-effe","summary":"sweetalert2 v8.19.1 and above contains hidden functionality\n`sweetalert2` versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1.\n\n### Workaround\nUsers who are unable to update to the fixed version (11.22.4) can use package versions 8.19.0 and below, as they do not contain the hidden functionality.","references":[{"reference_url":"https://github.com/sweetalert2/sweetalert2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sweetalert2/sweetalert2"},{"reference_url":"https://github.com/sweetalert2/sweetalert2/releases/tag/v11.22.4","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sweetalert2/sweetalert2/releases/tag/v11.22.4"},{"reference_url":"https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9"},{"reference_url":"https://www.npmjs.com/package/sweetalert2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/sweetalert2"},{"reference_url":"https://github.com/advisories/GHSA-8jh9-wqpf-q52c","reference_id":"GHSA-8jh9-wqpf-q52c","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jh9-wqpf-q52c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65959?format=json","purl":"pkg:npm/sweetalert2@11.22.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4"}],"aliases":["GHSA-8jh9-wqpf-q52c","GMS-2022-7151"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vreg-t4ry-effe"}],"fixing_vulnerabilities":[],"risk_score":"1.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.3.0"}