Arbitrary JavaScript Execution

Module: bassmaster

Published: September 27th, 2014

Reported by: Jarda Kotěšovec

CVE-2014-7205

CWE-

Vulnerable: <=1.5.1
Patched: >=1.5.2

Overview

A vulnerability in bassmaster <= 1.5.1 allows an attacker to supply arbitrary JavaScript that is then executed server-side via eval.

Remediation

Update to bassmaster version 1.5.2 or greater.
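One way to check a project for the affected range, including copies pulled in transitively. This is an added example, not part of the original advisory or of nsp's tooling; the nested `dependencies` tree shape, the sample data, and the function names are assumptions made for illustration.

```javascript
// Added example: flag bassmaster installs in the advisory's vulnerable range (<= 1.5.1).
const LAST_VULNERABLE = [1, 5, 1]; // advisory: vulnerable <= 1.5.1, patched >= 1.5.2

// Accept only plain "major.minor.patch"; anything else (prerelease tags, ranges,
// git URLs) returns null so the caller can fail closed.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(version).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// True when version <= 1.5.1, or when the version cannot be parsed (needs manual review).
function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return true;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_VULNERABLE[i]) return v[i] < LAST_VULNERABLE[i];
  }
  return true; // exactly 1.5.1
}

// Walk a nested "dependencies" tree (assumed lock-file shape) and collect every
// flagged bassmaster copy with the dependency path that pulled it in.
function findVulnerableBassmaster(tree, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const here = path.concat(name);
    if (name === 'bassmaster' && isVulnerable(info.version)) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    hits.push(...findVulnerableBassmaster(info, here));
  }
  return hits;
}

// Constructed sample data (not from a real project).
const sampleLock = {
  name: 'example-app',
  dependencies: {
    bassmaster: { version: '1.5.2' },
    'internal-api': { version: '0.3.0', dependencies: { bassmaster: { version: '1.5.1' } } },
    'legacy-gateway': { version: '2.0.0', dependencies: { bassmaster: { version: '1.4.0' } } },
  },
};

console.log(findVulnerableBassmaster(sampleLock));
```

A patched top-level install does not clear the project: each nested copy is resolved and loaded separately, so every hit needs its own upgrade.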
