What is CVE-2024-51757?

CVE-2024-51757 is a vulnerability in Capricorn86 Happy-dom, classified under Code Injection. Published 2024-11-06.

Is CVE-2024-51757 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Capricorn86 Happy-dom

CVE-2024-51757

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.007 (71.5th percentile) — read the EPSS interpretation.

Affected products

Capricorn86 Happy-dom — versions < 15.10.2

Weakness classification (CWE)

Public proof-of-concept exploits

0xD13/OSCP-Prep-Guide

References

https://github.com/capricorn86/happy-dom/security/advisories/GHSA-96g7-g7g9-jxw8 (x_refsource_CONFIRM)
https://github.com/capricorn86/happy-dom/issues/1585 (x_refsource_MISC)
https://github.com/capricorn86/happy-dom/pull/1586 (x_refsource_MISC)
https://github.com/capricorn86/happy-dom/commit/5ee0b1676d4ce20cc2a70d1c9c8d6f1e3f57efac (x_refsource_MISC)
https://github.com/capricorn86/happy-dom/commit/d23834c232f1cf5519c9418b073f1dcec6b2f0fd (x_refsource_MISC)
https://github.com/capricorn86/happy-dom/releases/tag/v15.10.2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-51757?: CVE-2024-51757 is a vulnerability in Capricorn86 Happy-dom, classified under Code Injection. Published 2024-11-06.
Is CVE-2024-51757 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.