Remote Code Execution (RCE)
Happy DOM is vulnerable to Remote Code Execution RCE. The vulnerability is due to the use of a non-isolated Node.js VM context with JavaScript evaluation enabled by default, which allows an attacker to run untrusted code that can escape the sandbox—potentially gaining access to process-level...