VDB

CVE-2024-51757

CVE-2024-51757 PUBLISHED CVSS 9.300000190734863 CRITICAL

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability.

EPSS 0.66% · 71.6th percentile

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.66%
71.6th percentile

Affected Products

VendorProductVersions
capricorn86happy-dom< 15.10.2, < 15.10.2, < 15.10.2
npmhappy-dom0, 0, 0
capricorn86happy-dom0, 0, 0

Exploit Intelligence

Timeline

  • Jan 21, 1970 Security Advisory
  • Nov 6, 2024 CVE Published
  • Nov 6, 2024 Coalition ESS Score
  • Nov 6, 2024 Coalition ESS Score
  • Nov 6, 2024 PoC Published
  • Nov 6, 2024 PoC Published
  • Nov 7, 2024 EPSS Score
  • Nov 8, 2024 Coalition ESS Score
  • Nov 25, 2024 EPSS Score
  • Dec 14, 2024 EPSS Score
  • Jan 1, 2025 EPSS Score
  • Jan 18, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›