← volver
CVE-2014-7205

CVE-2014-7205

EPSS 78.6%
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.
Productos afectados
n/a · n/a
PoCs públicas encontradas4
githubgithub.com/maximilianmarx/bassmaster-rce3githubgithub.com/AndrewTrube/CVE-2014-72050cve_referencewww.exploit-db.com/exploits/40689/no verificadoexploitdbwww.exploit-db.com/exploits/40689no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://exchange.xforce.ibmcloud.com/vulnerabilities/96730https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4https://nodesecurity.io/advisories/bassmaster_js_injectionhttps://www.exploit-db.com/exploits/40689/http://www.openwall.com/lists/oss-security/2014/09/30/10http://www.securityfocus.com/bid/70180