Lucene search
GoogleOSV:GHSA-5J3G-JFQ3-7JWXHistoryOct 24, 2017 - 6:33 p.m.
Arbitrary JavaScript Execution in bassmaster
2017-10-2418:33:36
Google
osv.dev
11
EPSS
0.895
Percentile
98.8%
A vulnerability exists in bassmaster <= 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval.
Recommendation
Update to bassmaster version 1.5.2 or greater.
References
www.openwall.com/lists/oss-security/2014/09/30/10
www.securityfocus.com/bid/70180
exchange.xforce.ibmcloud.com/vulnerabilities/96730
github.com/advisories/GHSA-5j3g-jfq3-7jwx
github.com/hapijs/bassmaster
github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4
nvd.nist.gov/vuln/detail/CVE-2014-7205
www.exploit-db.com/exploits/40689
www.npmjs.com/advisories/1
Related
cvelist
cvelist
CVE-2014-7205
2014-10-08 17:00:00
checkpoint_advisories
checkpoint_advisories
packetstorm
packetstorm
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution
2016-10-30 00:00:00
prion
prion
Design/Logic Flaw
2014-10-08 17:55:00
github
github
Arbitrary JavaScript Execution in bassmaster
2017-10-24 18:33:36
zdt
zdt
exploitdb
exploitdb
cve
cve
CVE-2014-7205
2014-10-08 17:55:05
nodejs
nodejs
Arbitrary JavaScript Execution
2015-10-17 19:41:46
metasploit
metasploit
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution
2016-10-27 18:22:39
nvd
nvd
CVE-2014-7205
2014-10-08 17:55:05