N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-pg98-6v7f-2xfv

EPSS Score

CWE

CWE-912

Published

11/23/2022

Updated

1/11/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-pg98-6v7f-2xfv

GHSA-pg98-6v7f-2xfv: sweetalert2 v9.17.4 and above contains hidden functionality

sweetalert2 versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3.

Workaround

Use a version 9.0.0 - 9.17.3 of the package until the maintainer releases a fix.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-pg98-6v7f-2xfv

GHSA-pg98-6v7f-2xfv:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-pg98-6v7f-2xfv

EPSS Score

CWE

CWE-912

Published

11/23/2022

Updated

1/11/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sweetalert2	npm	>= 9.17.4, < 10.0.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability information indicates hidden functionality (protestware) was added in versions 9.17.4-10.0.0, but no specific function names or file paths are disclosed in the advisory or linked resources. The GitHub release notes mention a 'STOP WAR message for Russians' implementation, but this reference points to v11.4.9 (a later version outside the vulnerable range). Without access to the actual code changes in the 9.17.4-10.0.0 range or explicit commit diffs, we cannot confidently identify specific vulnerable functions. The vulnerability manifests through domain-checking and message injection logic, but insufficient technical details are provided to map this to concrete function implementations.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-pg98-6v7f-2xfv: sweetalert2 v9.17.4 and above contains hidden functionality

Workaround

GHSA-pg98-6v7f-2xfv:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

GHSA-pg98-6v7f-2xfv: sweetalert2 v9.17.4 and above contains hidden functionality

Workaround

Basic Information

Basic Information

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI