A vulnerability exists in bassmaster <= 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval.

Recommendation

Update to bassmaster version 1.5.2 or greater.

References

• https://nvd.nist.gov/vuln/detail/CVE-2014-7205
• outmoded/bassmaster@b751602
• GHSA-5j3g-jfq3-7jwx
• https://www.npmjs.com/advisories/1
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96730
• https://www.exploit-db.com/exploits/40689/
• http://www.openwall.com/lists/oss-security/2014/09/30/10
• http://www.securityfocus.com/bid/70180