Description
Arbitrary JavaScript Execution in bassmaster
A vulnerability exists in bassmaster <= 1.5.1 that allows an attacker to supply arbitrary JavaScript, which is then executed server-side via eval.
Recommendation
Update to bassmaster version 1.5.2 or greater.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-7205
- https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96730
- https://github.com/advisories/GHSA-5j3g-jfq3-7jwx
- https://www.exploit-db.com/exploits/40689
- https://www.npmjs.com/advisories/1
- http://www.openwall.com/lists/oss-security/2014/09/30/10
- http://www.securityfocus.com/bid/70180
Packages
Name: bassmaster (npm)
Affected versions: < 1.5.2
Fixed version: 1.5.2
Related vulnerabilities
nvd
more than 11 years ago
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.