CVE-2024-51757— happy-dom 代码注入漏洞

Fixes security vulnerability that allowed for server side code to be executed by a <script> tag

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability.

N/A

对生成代码的控制不恰当(代码注入)

happy-dom 代码注入漏洞

happy-dom是David Ortner个人开发者的一种没有图形用户界面的 web 浏览器的 JavaScript 实现。 happy-dom 15.10.2之前版本存在代码注入漏洞，该漏洞源于会通过脚本标签在主机上执行代码，导致可在用户上下文中执行代码。

N/A

N/A