While working on the studio project, I scanned the dependency manifest and found that it uses a vulnerable version of happy-dom. The scan revealed a code injection issue in the ECMAScriptModuleCompiler, where unsanitized export names can be injected into executable code, potentially leading to remote code execution when processing attacker-controlled HTML.
CVE Report
CVE Link