
GHSA-457r-cqc8-9vj9: sweetalert2 v10.16.10 and above contains hidden functionality

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
Published: 11/23/2022
Updated: 1/11/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: -

Package Name: sweetalert2
Ecosystem: npm
Vulnerable Versions: >= 10.16.10, < 11.0.0
First Patched Version: (not listed)

Vulnerability Intelligence
Root Cause Analysis

The advisory explicitly states protestware behavior affecting specific TLDs, and the v11.4.9 release notes reference the 'STOP WAR' message implementation. While exact function names aren't provided in public sources, the core vulnerability stems from the domain-checking and content-injection logic added in this version range. The protestware implementation would logically reside in the package's initialization or rendering flow, which makes the main sweetalert2.js file the most likely location.


WAF Protection Rules

WAF Rule

`sweetalert2` versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not inclu
