
Sweetalert malware code #4142


romkij created

Hello!

We are stuck with malware behaviour in the open-source library sweetalert.js, used in ABP on the MVC side. The malware targets RU/SU/РФ domains. How the malware works: the library adds an audio tag with content to the DOM, starts autoplay, and blocks user interaction on any page where the library is included. URL to the malware code in the official repository: https://github.com/sweetalert2/sweetalert2/blob/7f36c2ed9d570f063502394fd7688a253df1b7fd/src/SweetAlert.js#L261 What can we do about it? Thank you!

  • ABP Framework version: v6.0.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:

2 Answer(s)
  • romkij created

    Hello!

    As a workaround, we replace the library with version 11.3.6 for our projects.

  • mahmut.gundogdu created

    This was created by a third-party library. I am looking for a solution, but I cannot access the sweetalertjs GitHub repo. You can set a selective version like this.

    If you are using yarn, add resolutions.

    {
      "name": "project",
      "version": "1.0.0",
      "dependencies": {
        // ...
      },
      "resolutions": {
        "sweetalert2": "11.3.6"
      }
    }
    

    If you are using npm, use

     "overrides": {} 
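
A way to confirm that the 11.3.6 pin from the answers above actually took effect for every installed copy, including nested ones pulled in by other packages. This is an added example, not code from the thread, ABP or sweetalert2; the lockfile contents, the package name `some-ui-kit` and the version `11.99.0` are constructed sample data, and the layout assumed is npm's `package-lock.json` with a `packages` map (lockfileVersion 2 or 3).

```javascript
// Added example: verify that every resolved copy of sweetalert2 is the pinned one.
const PINNED = "11.3.6"; // version named in the thread
const TARGET = "sweetalert2";

// Constructed package-lock.json content (lockfileVersion 3 layout).
const sampleLock = JSON.stringify({
  name: "project",
  lockfileVersion: 3,
  packages: {
    "": { name: "project", version: "1.0.0" },
    "node_modules/sweetalert2": { version: "11.3.6" },
    // Hypothetical dependency that ships its own nested copy.
    "node_modules/some-ui-kit": { version: "2.0.0" },
    "node_modules/some-ui-kit/node_modules/sweetalert2": { version: "11.99.0" },
    // Similar name, different package: must not be reported.
    "node_modules/sweetalert2-helpers": { version: "1.0.0" },
  },
});

// Return every installed copy of `name`, top-level or nested.
function findCopies(lockText, name) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) {
    throw new Error("lockfile has no 'packages' map (lockfileVersion 1?)");
  }
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages)
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Copies whose resolved version is not exactly the pinned one.
function unpinnedCopies(lockText, name, pinned) {
  return findCopies(lockText, name).filter((c) => c.version !== pinned);
}

const offenders = unpinnedCopies(sampleLock, TARGET, PINNED);
for (const c of offenders) {
  console.log(`NOT PINNED: ${c.path} resolves to ${c.version}, expected ${PINNED}`);
}
```

In a build pipeline, the same functions can read the real lockfile text and fail the job when `unpinnedCopies` returns anything.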
    
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11