
[GHSA-8jh9-wqpf-q52c] sweetalert2 v8.19.1 and above contains hidden functionality #6030


Open
wants to merge 1 commit into
base: Humni/advisory-improvement-6030

Conversation

Humni

@Humni Humni commented Aug 19, 2025

Updates

  • Affected products
  • CVSS v3

Comments
patched version not tagged correctly

@Copilot Copilot AI review requested due to automatic review settings August 19, 2025 23:32

@Copilot Copilot AI left a comment


Pull Request Overview

Updates a security advisory for sweetalert2 to correct the patched version tagging and add CVSS v3 scoring information. The changes address the comment that the patched version was not tagged correctly.

  • Updates the modified timestamp to reflect recent changes
  • Adds CVSS v3 severity scoring with a null impact score
  • Corrects the version range format by adding a proper "fixed" event instead of using "last_known_affected_version_range"


"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"

Copilot AI Aug 19, 2025


The CVSS score shows all impact metrics (Confidentiality, Integrity, Availability) as 'N' (None), which results in a base score of 0.0. This indicates no security impact, which seems inconsistent with classifying this as a security vulnerability. Consider reviewing if this is the appropriate CVSS score for hidden functionality that could affect user trust and application behavior.

Suggested change
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"


@github-actions github-actions bot changed the base branch from main to Humni/advisory-improvement-6030 August 19, 2025 23:33