57 matches found
CVE-2025-61927
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927
CVE-2025-61927 affects Happy DOM v19 and earlier, where the Node.js VM Context is not isolated and untrusted JavaScript executed inside the Happy DOM VM can escape to access process-level functionality. Depending on module system (ESM vs CommonJS), attackers may obtain access to powerful objects ...
PT-2025-41599
Name of the Vulnerable Software and Affected Versions Happy DOM versions 19 and lower Description Happy DOM, a JavaScript implementation of a web browser without a graphical user interface, contains a security issue that could lead to Remote Code Execution RCE attacks. The Node.js VM Context with...
happy-dom 代码注入漏洞
happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom version 19 and earlier, which stems from insufficient isolation of the Node.js VM Context environment and could...
EUVD-2024-3226
Malicious code in bioql PyPI...
CVE-2024-51757
A flaw was found in happy-dom. This vulnerability allows remote code execution via a script tag, potentially executing code in the user context of happy-dom...
CVE-2024-51757
happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...
CVE-2024-51757 Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...
CVE-2024-51757 Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...
CVE-2024-51757
CVE-2024-51757 affects the JavaScript library happy-dom (a headless browser implementation). Versions prior to 15.10.2 may execute code on the host via a script tag, running in the user context of happy-dom with high impact on confidentiality, integrity, and availability. The issue is triggered b...
@adaptive-web/adaptive-ui (>=0.4.1 <=0.13.1), @adaptive-web/adaptive-ui-designer-core (>=0.1.0 <=0.6.0) +185 more potentially affected by CVE-2024-51757 via happy-dom (>=0.0.1 <=15.0.0)
happy-dom NPM version =0.0.1, =0.4.1, =0.1.0, =0.1.0, =0.6.1, =0.11.0, =16.0.0, =0.0.1-beta.9, =0.0.1-beta.3, =0.0.1-alpha.0, =0.0.1-alpha.2, =0.1.2, =0.0.2, =1.0.4, =1.0.306 - @devsisters/gatsby-preset =3.0.0-rc - @devsisters/gatsby-stack =2.0.0-rc and more Source cves: CVE-2024-51757 Source...
happy-dom allows for server side code to be executed by a <script> tag
Impact Consumers of the NPM package happy-dom Patches The security vulnerability has been patched in v15.10.2 Workarounds No easy workarounds to my knowledge References 1585...
PT-2024-34888 · Happy-Dom · Happy-Dom
Name of the Vulnerable Software and Affected Versions: happy-dom versions prior to 15.10.2 Description: happy-dom is a JavaScript implementation of a web browser without its graphical user interface. It may execute code on the host via a script tag, which would execute code in the user context of...
happy-dom 代码注入漏洞
happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom versions prior to 15.10.2, which originates from code execution on the host via script tags, leading to code...