Miggo Logo
Miggo Vulnerability Database
GHSA-8jh9-wqpf-q52c

GHSA-8jh9-wqpf-q52c: sweetalert2 v8.19.1 and above contains hidden functionality

N/A

CVSS Score

Basic Information

CVE ID
-
GHSA ID
GHSA-8jh9-wqpf-q52c
EPSS Score
-
CWE
CWE-912
Published
11/23/2022
Updated
1/11/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
sweetalert2npm>= 8.19.1, < 9.0.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability involves protestware behavior added in v8.19.1, which injects audio/video messages for specific TLDs. While the exact function name/path isn't explicitly provided in the sources, the commit message 'add STOP WAR message for Russians' (from the linked v11.4.9 release) and npm page description strongly imply a function exists to detect domains and trigger these messages. Confidence is medium because the advisory lacks direct code references, but the protestware behavior is explicitly documented as introduced in the affected versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`sw**t*l*rt*` v*rsions *.**.* *n* up until *.*.* *r* vuln*r**l* to *i***n *un*tion*lity t**t w*s intro*u*** *y t** m*int*in*r. T** p**k*** outputs *u*io *n*/or vi**o m*ss***s t**t *o not p*rt*in to t** *un*tion*lity o* t** p**k*** *n* is not in*lu***

Reasoning

T** vuln*r**ility involv*s prot*stw*r* ****vior ***** in v*.**.*, w*i** inj**ts *u*io/vi**o m*ss***s *or sp**i*i* TL*s. W*il* t** *x**t *un*tion n*m*/p*t* isn't *xpli*itly provi*** in t** sour**s, t** *ommit m*ss*** '*** STOP W*R m*ss*** *or Russi*ns