happy-dom 19.0.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the happy-dom package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Prototype Pollution happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Prototype Pollution via the shared `process` between untrusted scripts and the main application. An attacker can execute arbitrary commands and gain control over the environment by deploying prototype pollution payloads to hijack references such as `process` or manipulate control flow through property checks. This allows the attacker to break out of the intended isolation and perform unauthorized actions. How to fix Prototype Pollution? Upgrade `happy-dom` to version 20.0.2 or higher.	<20.0.2
C Arbitrary Code Injection happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation of code from strings. An attacker can execute arbitrary code on the host system by running untrusted JavaScript code that escapes the intended sandbox and gains access to process-level functionality. Additionally, if the process is executed with CommonJS, the attacker can get hold of the require() function to import modules. How to fix Arbitrary Code Injection? Upgrade `happy-dom` to version 20.0.0 or higher.	<20.0.0

Vulnerability

Vulnerable Version

Prototype Pollution

happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML.

Affected versions of this package are vulnerable to Prototype Pollution via the shared process between untrusted scripts and the main application. An attacker can execute arbitrary commands and gain control over the environment by deploying prototype pollution payloads to hijack references such as process or manipulate control flow through property checks. This allows the attacker to break out of the intended isolation and perform unauthorized actions.

How to fix Prototype Pollution?

Upgrade happy-dom to version 20.0.2 or higher.

<20.0.2

Arbitrary Code Injection

happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML.

Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation of code from strings. An attacker can execute arbitrary code on the host system by running untrusted JavaScript code that escapes the intended sandbox and gains access to process-level functionality. Additionally, if the process is executed with CommonJS, the attacker can get hold of the require() function to import modules.

How to fix Arbitrary Code Injection?

Upgrade happy-dom to version 20.0.0 or higher.

<20.0.0

happy-dom@19.0.2 vulnerabilities

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically