Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69041

Related Vulnerabilities

CVE-2018-11765 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2016-5398 Vulnerability in maven package org.jbpm:jbpm-designer-client

CVE-2023-26475 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2011-2894 Vulnerability in maven package org.springframework:spring-core

CVE-2023-42794 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory