CVE-2024-51757
Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
| Assigner | GitHub_M |
| Reserved | 2024-10-31 |
| Published | 2024-11-06 |
| Updated | 2024-11-06 |
happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability.
| CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
https://github.com/capricorn86/happy-dom/security/advisories/GHSA-96g7-g7g9-jxw8
https://github.com/capricorn86/happy-dom/issues/1585
https://github.com/capricorn86/happy-dom/pull/1586
https://github.com/capricorn86/happy-dom/commit/5ee0b1676d4ce20cc2a70d1c9c8d6f1e3f57efac
https://github.com/capricorn86/happy-dom/commit/d23834c232f1cf5519c9418b073f1dcec6b2f0fd
https://github.com/capricorn86/happy-dom/releases/tag/v15.10.2
