Arbitrary JavaScript Execution in bassmaster

Critical severity • GitHub Reviewed • Published Oct 24, 2017 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

bassmaster (npm)

Affected versions

< 1.5.2

Patched versions

1.5.2

Description

A vulnerability exists in bassmaster <= 1.5.1 that allows an attacker to provide arbitrary JavaScript that is then executed server-side via `eval`.

Recommendation

Update to bassmaster version 1.5.2 or greater.

References

Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

Critical

EPSS score

92.567%
(99th percentile)

Weaknesses

CVE ID

CVE-2014-7205

GHSA ID

GHSA-5j3g-jfq3-7jwx

Source code
