What is CVE-2014-7205?

CVE-2014-7205 is a vulnerability in Bassmaster_project Bassmaster, classified under Code Injection. Published 2014-10-08.

Is CVE-2014-7205 known to be exploited?

18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Bassmaster_project Bassmaster

CVE-2014-7205

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vecto…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.842 (99.3th percentile) — read the EPSS interpretation.

Affected products

Bassmaster_project Bassmaster
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

cve@mitre.org (Third Party Advisory, x_refsource_MISC)
[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
70180 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
bassmaster-cve20147205-code-exec(96730) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
40689 (exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_CONFIRM, Exploit)

Frequently asked questions

What is CVE-2014-7205?: CVE-2014-7205 is a vulnerability in Bassmaster_project Bassmaster, classified under Code Injection. Published 2014-10-08.
Is CVE-2014-7205 known to be exploited?: 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.