bassmaster@0.3.1 vulnerabilities

Batch processing plugin for hapi

Direct Vulnerabilities

Known vulnerabilities in the bassmaster package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Arbitrary JavaScript Code Injection (severity: M)

Old versions of bassmaster, a hapi server plugin used to process batches of requests, use the eval method as part of their processing and validation of user input.

An attacker can therefore provide arbitrary JavaScript in this input, which this eval call will execute without limitation.

This is a very severe remote JavaScript code execution, and depending on the permissions of the Node process it can turn into arbitrary remote code execution at the operating system level as well.

How to fix Arbitrary JavaScript Code Injection?

Update to bassmaster version 1.5.2 or greater.

Vulnerable version: <1.6.0