CVE-2014-7205
| Severity | CVSS v3 | CVSS v2 | VIR risk |
|---|---|---|---|
| critical | — | 10.0 | 10.0 |
Description
Arbitrary JavaScript Execution in bassmaster
Predictions
| Exploit likelihood | Patch ETA |
|---|---|
| 20% | — |
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations have been ingested for this CVE; see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | bassmaster | <1.5.2 | 1.5.2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| bassmaster_project | bassmaster | <1.5.2 | 1.5.2 |
References
- http://www.openwall.com/lists/oss-security/2014/09/30/10
- http://www.securityfocus.com/bid/70180
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96730
- https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4
- https://nodesecurity.io/advisories/bassmaster_js_injection
- https://www.exploit-db.com/exploits/40689/
- https://nvd.nist.gov/vuln/detail/CVE-2014-7205
- https://github.com/advisories/GHSA-5j3g-jfq3-7jwx
- https://github.com/hapijs/bassmaster
- https://www.npmjs.com/advisories/1
CWEs
CWE-94