2324543 – (CVE-2024-51757) CVE-2024-51757 happy-dom: Code Execution Vulnerability in happy-dom via Script Tag

Bug 2324543 (CVE-2024-51757) - CVE-2024-51757 happy-dom: Code Execution Vulnerability in happy-dom via Script Tag

Summary: CVE-2024-51757 happy-dom: Code Execution Vulnerability in happy-dom via Scrip...

Keywords:
Status:	NEW
Alias:	CVE-2024-51757
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-08 13:37 UTC by OSIDB Bzimport
Modified:	2025-06-17 08:27 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-11-08 13:37:02 UTC

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability.

Note You need to log in before you can comment on or make changes to this bug.

brking
haoli
hkataria
jcammara
jmitchel
jneedle
jwong
kegrant
koliveir
kshier
mabashia
pbraun
shvarugh
simaishi
smcdonal
stcannon
teagle
tfister
thavo
yguenane