Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05Nmc3LWc3Zzktanh3OM4ABBBh
happy-dom allows for server side code to be executed by a <script> tag
Impact
Consumers of the NPM package happy-dom
Patches
The security vulnerability has been patched in v15.10.2
Workarounds
No easy workarounds to my knowledge
References
Permalink: https://github.com/advisories/GHSA-96g7-g7g9-jxw8JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Nmc3LWc3Zzktanh3OM4ABBBh
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 11 hours ago
Updated: about 3 hours ago
Identifiers: GHSA-96g7-g7g9-jxw8, CVE-2024-51757
References:
- https://github.com/capricorn86/happy-dom/security/advisories/GHSA-96g7-g7g9-jxw8
- https://github.com/capricorn86/happy-dom/issues/1585
- https://github.com/capricorn86/happy-dom/pull/1586
- https://github.com/capricorn86/happy-dom/commit/5ee0b1676d4ce20cc2a70d1c9c8d6f1e3f57efac
- https://github.com/capricorn86/happy-dom/commit/d23834c232f1cf5519c9418b073f1dcec6b2f0fd
- https://github.com/capricorn86/happy-dom/releases/tag/v15.10.2
- https://nvd.nist.gov/vuln/detail/CVE-2024-51757
- https://github.com/advisories/GHSA-96g7-g7g9-jxw8
Blast Radius: 0.0
Affected Packages
npm:happy-dom
Dependent packages: 1,713Dependent repositories: 3,800
Downloads: 4,272,027 last month
Affected Version Ranges: < 15.10.2
Fixed in: 15.10.2
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 0.2.13, 0.2.14, 0.2.15, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.11, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.9.0, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.14.0, 0.14.1, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.4.0, 1.5.0, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.12.0, 1.13.0, 1.14.0, 1.14.1, 1.15.0, 1.16.0, 1.16.1, 1.17.0, 1.18.0, 1.18.1, 1.18.2, 2.0.0, 2.1.0, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.13.0, 2.14.0, 2.15.0, 2.16.0, 2.16.1, 2.16.2, 2.16.3, 2.17.0, 2.17.1, 2.18.0, 2.18.1, 2.19.0, 2.19.1, 2.19.2, 2.19.3, 2.20.0, 2.20.1, 2.21.0, 2.22.0, 2.22.1, 2.23.0, 2.24.0, 2.24.1, 2.24.2, 2.24.3, 2.24.4, 2.24.5, 2.25.0, 2.25.1, 2.25.2, 2.26.0, 2.27.0, 2.27.2, 2.27.3, 2.28.0, 2.29.0, 2.30.0, 2.30.1, 2.31.0, 2.31.1, 2.32.0, 2.33.0, 2.33.1, 2.34.0, 2.35.0, 2.36.0, 2.37.0, 2.38.0, 2.39.0, 2.39.1, 2.40.0, 2.40.1, 2.40.2, 2.40.3, 2.41.0, 2.42.0, 2.43.0, 2.43.1, 2.45.0, 2.45.1, 2.46.0, 2.46.1, 2.46.2, 2.46.3, 2.47.0, 2.47.1, 2.47.2, 2.47.3, 2.48.0, 2.49.0, 2.49.1, 2.49.2, 2.50.0, 2.51.0, 2.51.1, 2.52.0, 2.53.0, 2.53.1, 2.54.0, 2.55.0, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.2.2, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.4.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.1.0, 7.1.1, 7.2.0, 7.3.0, 7.4.0, 7.5.0, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6, 7.5.7, 7.5.8, 7.5.9, 7.5.10, 7.5.11, 7.5.12, 7.5.13, 7.5.14, 7.6.0, 7.6.1, 7.6.2, 7.6.3, 7.6.4, 7.6.5, 7.6.6, 7.6.7, 7.7.0, 7.7.1, 7.7.2, 7.8.0, 7.8.1, 8.0.0, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.6.0, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.7.5, 8.7.6, 8.8.0, 8.9.0, 9.0.0, 9.0.1, 9.1.0, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 9.1.10, 9.2.0, 9.2.1, 9.3.0, 9.3.1, 9.3.2, 9.4.0, 9.5.0, 9.5.1, 9.6.0, 9.6.1, 9.7.0, 9.7.1, 9.8.0, 9.8.1, 9.8.2, 9.8.3, 9.8.4, 9.9.0, 9.9.1, 9.9.2, 9.10.0, 9.10.1, 9.10.2, 9.10.3, 9.10.4, 9.10.5, 9.10.6, 9.10.7, 9.10.8, 9.10.9, 9.11.0, 9.12.0, 9.13.0, 9.13.1, 9.14.0, 9.15.0, 9.16.0, 9.17.0, 9.18.0, 9.18.1, 9.18.2, 9.18.3, 9.19.0, 9.19.1, 9.19.2, 9.20.0, 9.20.1, 9.20.2, 9.20.3, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.1.0, 10.1.1, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.6.0, 10.6.1, 10.6.2, 10.6.3, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, 10.10.4, 10.11.0, 10.11.1, 10.11.2, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.1.0, 11.1.1, 11.1.2, 11.2.0, 12.0.0, 12.0.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.1.7, 12.2.0, 12.2.1, 12.2.2, 12.3.0, 12.4.0, 12.5.0, 12.5.1, 12.6.0, 12.7.0, 12.8.0, 12.8.1, 12.9.0, 12.9.1, 12.9.2, 12.10.0, 12.10.1, 12.10.2, 12.10.3, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 13.1.0, 13.1.1, 13.1.2, 13.1.3, 13.1.4, 13.2.0, 13.2.1, 13.2.2, 13.3.0, 13.3.1, 13.3.2, 13.3.3, 13.3.4, 13.3.5, 13.3.6, 13.3.7, 13.3.8, 13.4.0, 13.4.1, 13.5.0, 13.5.1, 13.5.2, 13.5.3, 13.6.0, 13.6.1, 13.6.2, 13.7.0, 13.7.1, 13.7.2, 13.7.3, 13.7.4, 13.7.5, 13.7.6, 13.7.7, 13.7.8, 13.8.0, 13.8.1, 13.8.2, 13.8.3, 13.8.4, 13.8.5, 13.8.6, 13.9.0, 13.10.0, 13.10.1, 14.0.0, 14.1.0, 14.1.1, 14.1.2, 14.2.0, 14.2.1, 14.3.0, 14.3.1, 14.3.2, 14.3.3, 14.3.4, 14.3.5, 14.3.6, 14.3.7, 14.3.8, 14.3.9, 14.3.10, 14.4.0, 14.5.0, 14.5.1, 14.5.2, 14.6.0, 14.6.1, 14.6.2, 14.7.0, 14.7.1, 14.8.0, 14.8.1, 14.8.2, 14.8.3, 14.9.0, 14.10.0, 14.10.1, 14.10.2, 14.10.3, 14.11.0, 14.11.1, 14.11.2, 14.11.3, 14.11.4, 14.12.0, 14.12.1, 14.12.2, 14.12.3, 15.0.0, 15.1.0, 15.2.0, 15.3.0, 15.3.1, 15.3.2, 15.4.0, 15.4.1, 15.4.2, 15.4.3, 15.5.0, 15.6.0, 15.6.1, 15.7.0, 15.7.1, 15.7.2, 15.7.3, 15.7.4, 15.8.0, 15.8.1, 15.8.2, 15.8.3, 15.8.4, 15.8.5, 15.9.0, 15.10.0
All unaffected versions: