CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.8%
A vulnerability exists in bassmaster <= 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval.
Update to bassmaster version 1.5.2 or greater.
Vendor | Product | Version | CPE |
---|---|---|---|
bassmaster_project | bassmaster | * | cpe:2.3:a:bassmaster_project:bassmaster:*:*:*:*:*:*:*:* |
www.openwall.com/lists/oss-security/2014/09/30/10
www.securityfocus.com/bid/70180
exchange.xforce.ibmcloud.com/vulnerabilities/96730
github.com/advisories/GHSA-5j3g-jfq3-7jwx
github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4
nvd.nist.gov/vuln/detail/CVE-2014-7205
www.exploit-db.com/exploits/40689/
www.npmjs.com/advisories/1