N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-8jh9-wqpf-q52c

EPSS Score

CWE

CWE-912

Published

11/23/2022

Updated

1/11/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-8jh9-wqpf-q52c

GHSA-8jh9-wqpf-q52c: sweetalert2 v8.19.1 and above contains hidden functionality

sweetalert2 versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1.

Workaround

Use a version < 8.19.1 of the package until the maintainer releases a fix.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-8jh9-wqpf-q52c

GHSA-8jh9-wqpf-q52c:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-8jh9-wqpf-q52c

EPSS Score

CWE

CWE-912

Published

11/23/2022

Updated

1/11/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sweetalert2	npm	>= 8.19.1, < 9.0.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability involves protestware behavior added in v8.19.1, which injects audio/video messages for specific TLDs. While the exact function name/path isn't explicitly provided in the sources, the commit message 'add STOP WAR message for Russians' (from the linked v11.4.9 release) and npm page description strongly imply a function exists to detect domains and trigger these messages. Confidence is medium because the advisory lacks direct code references, but the protestware behavior is explicitly documented as introduced in the affected versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-8jh9-wqpf-q52c: sweetalert2 v8.19.1 and above contains hidden functionality

Workaround

GHSA-8jh9-wqpf-q52c:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

N/A

N/A

Basic Information

Basic Information

GHSA-8jh9-wqpf-q52c: sweetalert2 v8.19.1 and above contains hidden functionality

Workaround

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI