Vulnerability CVE-2014-7205


Published: 2014-10-08

Description:
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary JavaScript code via unspecified vectors.

Type:
CWE-94 (Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Bassmaster project -> Bassmaster 
Bassmaster plugin project -> Bassmaster plugin 

References:
http://www.openwall.com/lists/oss-security/2014/09/30/10
http://www.securityfocus.com/bid/70180
https://exchange.xforce.ibmcloud.com/vulnerabilities/96730
https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4
https://nodesecurity.io/advisories/bassmaster_js_injection
https://www.exploit-db.com/exploits/40689/

Copyright 2024, cxsecurity.com
