Jarda Kotesovec

**Name of the Vulnerable Software and Affected Versions** bassmaster versions prior to 1.5.2 **Description** The issue allows remote attackers to execute arbitrary Javascript code via unspecified vectors, due to an eval injection vulnerability in the internals.batch function in lib/batch.js. This vulnerability exists in versions of bassmaster that allow an attacker to provide arbitrary JavaScript that is then executed server-side via eval. **Recommendations** For versions prior to 1.5.2, update to bassmaster version 1.5.2 or greater.