mend-bolt-for-github[bot]
commented
1 year ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
A beautiful, responsive, customizable and accessible (WAI-ARIA) replacement for JavaScript's popup boxes, supported fork of sweetalert
Library home page: https://registry.npmjs.org/sweetalert2/-/sweetalert2-11.6.13.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/sweetalert2/package.json
Found in HEAD commit: 0cc6aba57881fb76f141c9ce4ca6d8766b10a419
Vulnerabilities
Details
WS-2022-0400
### Vulnerable Library - sweetalert2-11.6.13.tgzA beautiful, responsive, customizable and accessible (WAI-ARIA) replacement for JavaScript's popup boxes, supported fork of sweetalert
Library home page: https://registry.npmjs.org/sweetalert2/-/sweetalert2-11.6.13.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/sweetalert2/package.json
Dependency Hierarchy: - :x: **sweetalert2-11.6.13.tgz** (Vulnerable Library)
Found in HEAD commit: 0cc6aba57881fb76f141c9ce4ca6d8766b10a419
Found in base branch: master
### Vulnerability Detailssweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8.
Publish Date: 2022-11-23
URL: WS-2022-0400
### CVSS 3 Score Details (4.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)