Homepage

happy-dom@20.0.1 vulnerabilities

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML.

  • latest version

    20.0.10

  • latest non vulnerable version

    20.0.10

  • first published

    6 years ago

  • latest version published

    6 days ago

  • licenses detected

  • View happy-dom package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the happy-dom package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Prototype Pollution

    happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML.

    Affected versions of this package are vulnerable to Prototype Pollution via the shared process between untrusted scripts and the main application. An attacker can execute arbitrary commands and gain control over the environment by deploying prototype pollution payloads to hijack references such as process or manipulate control flow through property checks. This allows the attacker to break out of the intended isolation and perform unauthorized actions.

    How to fix Prototype Pollution?

    Upgrade happy-dom to version 20.0.2 or higher.

    <20.0.2
    Go back to all versions of this package