Arbitrary JavaScript Execution

Module: bassmaster

Published: September 27th, 2014

Reported by: Jarda Kotěšovec

CVE-2014-7205

CWE-94

Vulnerable: <=1.5.1
Patched: >=1.5.2

Overview

bassmaster versions <= 1.5.1 allow an attacker to supply arbitrary JavaScript, which is then executed server-side via eval.

Remediation

Update to bassmaster version 1.5.2 or greater.
