Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69041

Related Vulnerabilities

CVE-2020-26870 Vulnerability in maven package org.webjars.bower:dompurify

CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-solrj

CVE-2020-7011 Vulnerability in npm package @elastic/app-search-javascript

CVE-2010-5312 Vulnerability in maven package org.webjars:jquery-ui

CVE-2019-0219 Vulnerability in npm package cordova-plugin-inappbrowser

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory