Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69041

Related Vulnerabilities

CVE-2018-25007 Vulnerability in maven package com.vaadin:flow-server

CVE-2018-6341 Vulnerability in maven package org.webjars.npm:react-dom

CVE-2012-0394 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2020-2244 Vulnerability in maven package org.jenkins-ci.plugins:build-failure-analyzer

CVE-2016-0711 Vulnerability in maven package org.apache.portals.jetspeed-2:j2-admin

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory