Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69041

Related Vulnerabilities

CVE-2018-1000148 Vulnerability in maven package org.jenkins-ci.plugins:copy-to-slave

CVE-2021-46366 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2023-47797 Vulnerability in maven package com.liferay.portal:release.portal.bom

CVE-2020-1935 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-37908 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-xml

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory