A vulnerability exists in bassmaster <= 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval.
Update to bassmaster version 1.5.2 or greater.
www.openwall.com/lists/oss-security/2014/09/30/10
www.securityfocus.com/bid/70180
exchange.xforce.ibmcloud.com/vulnerabilities/96730
github.com/advisories/GHSA-5j3g-jfq3-7jwx
github.com/hapijs/bassmaster
github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4
nvd.nist.gov/vuln/detail/CVE-2014-7205
www.exploit-db.com/exploits/40689
www.npmjs.com/advisories/1