CVE-2014-7205
CVE-2014-7205
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (3 stars) — exploitation code widely available.
CVSS —EPSS 78.6%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
08 Oct 2014Published on NVD
01 Nov 2016Metasploit module available
02 Nov 2016Public PoC
Weaponization speed
755 daysto first PoC
754 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/maximilianmarx/bassmaster-rce★ 3githubgithub.com/AndrewTrube/CVE-2014-7205★ 0cve_referencewww.exploit-db.com/exploits/40689/unverifiedexploitdbwww.exploit-db.com/exploits/40689unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/96730https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4https://nodesecurity.io/advisories/bassmaster_js_injectionhttps://www.exploit-db.com/exploits/40689/http://www.openwall.com/lists/oss-security/2014/09/30/10http://www.securityfocus.com/bid/70180