happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Sat, 09 Nov 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_0
|
Wed, 06 Nov 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 06 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.1 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.1. There are no known workarounds for this vulnerability. | happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability. |
First Time appeared |
Capricorn86
Capricorn86 happy-dom |
|
CPEs | cpe:2.3:a:capricorn86:happy-dom:*:*:*:*:*:*:*:* | |
Vendors & Products |
Capricorn86
Capricorn86 happy-dom |
|
References |
| |
Metrics |
ssvc
|
Wed, 06 Nov 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.1 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.1. There are no known workarounds for this vulnerability. | |
Title | Fixes security vulnerability that allowed for server side code to be executed by a <script> tag | |
Weaknesses | CWE-79 CWE-94 |
|
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-06T19:18:23.923Z
Updated: 2024-11-06T20:05:28.358Z
Reserved: 2024-10-31T14:12:45.792Z
Link: CVE-2024-51757
Vulnrichment
Updated: 2024-11-06T19:52:53.137Z
NVD
Status : Awaiting Analysis
Published: 2024-11-06T20:15:06.337
Modified: 2024-11-08T19:01:25.633
Link: CVE-2024-51757
Redhat