Open Closed

Sweetalert malware code #4142


User avatar
0
romkij created

Hello!

We stucking with malware behaviour in opensource library sweetalert.js used in ABP on MVC side. Malware targeted to RU/SU/РФ domains. How malware works: library add audio tag with content to DOM and start autoplay and blocks user interaction on any page where included library. URL to malware code in official repository: https://github.com/sweetalert2/sweetalert2/blob/7f36c2ed9d570f063502394fd7688a253df1b7fd/src/SweetAlert.js#L261 What we can do with it? Thank you!

  • ABP Framework version: v6.0.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

2 Answer(s)
  • User Avatar
    0
    romkij created

    Hello!

    As workaround we replace library with version 11.3.6 for our projects.

  • User Avatar
    0
    mahmut.gundogdu created

    This was created by a third-party library. I am looking for a solution, but I can not access sweetalertjs github repo. You can set a selective version like.

    If you are using yarn, add resolutions.

    {
      "name": "project",
      "version": "1.0.0",
      "dependencies": {
       // ...
      },
      "resolutions": {
        "sweetalert2": " 11.3.6 ",
      }
    }
    

    if you are using npm, use

     "overrides": {} 
    
Made with ❤️ on ABP v9.1.0-preview. Updated on December 26, 2024, 06:07