CVE-2014-7205 — Arbitrary JavaScript Execution in bassmaster

Description

A vulnerability exists in bassmaster <= 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. ## Recommendation Update to bassmaster version 1.5.2 or greater.

How to fix CVE-2014-7205

To remediate CVE-2014-7205, upgrade the affected package to a fixed version below.

npm/bassmaster—upgrade to 1.5.2 or later

Is CVE-2014-7205 being exploited?

Likely — EPSS is 84.2%, placing CVE-2014-7205 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

from 0, < 1.5.2

References (9)

ADVISORYgithub.com/advisories/GHSA-5j3g-jfq3-7jwx
ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-7205
PATCHgithub.com/hapijs/bassmaster
WEBexchange.xforce.ibmcloud.com/vulnerabilities/96730
WEB