CVE-2014-7205

描述

A vulnerability exists in bassmaster <= 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. ## Recommendation Update to bassmaster version 1.5.2 or greater.

受影響套件(1)

• npm/bassmasterfrom 0, < 1.5.2

參考連結(9)

• ADVISORYhttps://github.com/advisories/GHSA-5j3g-jfq3-7jwx
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-7205
• PATCHhttps://github.com/hapijs/bassmaster
• WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/96730
• WEBhttps://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4
• WEBhttps://www.exploit-db.com/exploits/40689
• WEBhttps://www.npmjs.com/advisories/1
• WEBhttp://www.openwall.com/lists/oss-security/2014/09/30/10
• WEBhttp://www.securityfocus.com/bid/70180