【happy-dom allows for server side code to be executed by a <script> tag · CVE-2024-51757 · GitHub Advisory Database】
https://github.com/advisories/GHSA-96g7-g7g9-jxw8
happy-domのSSRFのセキュリティ修正。
<script>のsrc属性に書かれているコードを実行してしまう問題の修正。
happy-dom v15.10.2で修正されている。
関連URL
Release v15.10.2 · capricorn86/happy-dom
https://realtime.jser.info/2024/11/07/happy-dom-allows-for-server-side-code-to-be-executed-by-a-script-tag-cve-2024-51757-github-advisory-database/
jserinfo RSS feed【非公式】
npub1ks…hjw9x
2024-11-07 00:37:05
Author Public Key
npub1ks82qdt3y54uwteat8u2cr8m8jhtg3646rcd68csta8at6rr45xqvhjw9xPublished at
2024-11-07 00:37:05Event JSON
{
"id": "94da443a01a453a6219dbcf5c9a28a32c5b7dcdc93c37b0d0c5a0dc9d64b8b6d",
"pubkey": "b40ea03571252bc72f3d59f8ac0cfb3caeb44755d0f0dd1f105f4fd5e863ad0c",
"created_at": 1730939825,
"kind": 1,
"tags": [
[
"r",
"https://realtime.jser.info/2024/11/07/happy-dom-allows-for-server-side-code-to-be-executed-by-a-script-tag-cve-2024-51757-github-advisory-database/"
],
[
"proxy",
"https://realtime.jser.info/feed.xml#https://realtime.jser.info/2024/11/07/happy-dom-allows-for-server-side-code-to-be-executed-by-a-script-tag-cve-2024-51757-github-advisory-database/",
"rss"
]
],
"content": "【happy-dom allows for server side code to be executed by a \u0026lt;script\u0026gt; tag · CVE-2024-51757 · GitHub Advisory Database】\nhttps://github.com/advisories/GHSA-96g7-g7g9-jxw8\n happy-domのSSRFのセキュリティ修正。\n\u0026lt;script\u0026gt;のsrc属性に書かれているコードを実行してしまう問題の修正。\nhappy-dom v15.10.2で修正されている。\n関連URL\nRelease v15.10.2 · capricorn86/happy-dom\nhttps://realtime.jser.info/2024/11/07/happy-dom-allows-for-server-side-code-to-be-executed-by-a-script-tag-cve-2024-51757-github-advisory-database/",
"sig": "a9656d3224eca86f93cb0ecff8679380fb84bdcf4c84f671dcdbec5dbfef6bc107a15b69894c562def38a4f31b8d18c3c4295203fb35c5cb453f62f6cabc4991"
}