Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69041

Related Vulnerabilities

CVE-2014-0014 Vulnerability in npm package ember

CVE-2022-23622 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2023-29207 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2023-39410 Vulnerability in maven package org.apache.avro:avro

CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.13

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory