happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability.
History

Sat, 09 Nov 2024 02:00:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | cvssV3_0: {'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; threat_severity: Critical


Wed, 06 Nov 2024 20:30:00 +0000


Wed, 06 Nov 2024 20:15:00 +0000

Type | Values Removed | Values Added
Description | happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.1 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.1. There are no known workarounds for this vulnerability. | happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability.
First Time appeared | | Capricorn86; Capricorn86 happy-dom
CPEs | | cpe:2.3:a:capricorn86:happy-dom:*:*:*:*:*:*:*:*
Vendors & Products | | Capricorn86; Capricorn86 happy-dom
References | |
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 Nov 2024 19:30:00 +0000

Type | Values Removed | Values Added
Description | | happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.1 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.1. There are no known workarounds for this vulnerability.
Title | | Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
Weaknesses | | CWE-79; CWE-94
References | |
Metrics | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-06T19:18:23.923Z

Updated: 2024-11-06T20:05:28.358Z

Reserved: 2024-10-31T14:12:45.792Z

Link: CVE-2024-51757

Vulnrichment

Updated: 2024-11-06T19:52:53.137Z

NVD

Status: Awaiting Analysis

Published: 2024-11-06T20:15:06.337

Modified: 2024-11-08T19:01:25.633

Link: CVE-2024-51757

Redhat

Severity: Critical

Public Date: 2024-11-06T19:18:23Z

Links: CVE-2024-51757 - Bugzilla