CNNVD-202510-1409 Information

CNNVD ID

CNNVD-202510-1409

Related CVE

CVE-2025-61927

• CNNVD Published: 2025-10-10

Description (Chinese)

happy-dom是David Ortner个人开发者的一种没有图形用户界面的 web 浏览器的 JavaScript 实现。 happy-dom 19及之前版本存在代码注入漏洞，该漏洞源于Node.js VM Context环境隔离不足，可能导致远程代码执行攻击。

Description (English)

Happy-dom is a JavaScript from a web browser without a graphical user interface for David Ortner’s personal developer. There is a code injection loophole in the happy-dom 19 and earlier versions, which stems from inadequate environmental isolation of Node.js VM Context, which could lead to a remote code enforcement attack.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2025-10-10

Last Modified

2026-02-24

References

https://github.com/capricorn86/happy-dom/commit/819d15ba289495439eda8be360d92a614ce22405 https://github.com/capricorn86/happy-dom/security/advisories/GHSA-37j7-fg3j-429f

Patch

https://github.com/capricorn86/happy-dom/releases