Description
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
Remediation
References
http://cordova.apache.org/announcements/2014/08/04/android-351.html
http://www.securityfocus.com/bid/69041
Related Vulnerabilities
CVE-2019-1003025 Vulnerability in maven package org.jenkins-ci.plugins:cloudfoundry
CVE-2020-11023 Vulnerability in maven package org.fujion.webjars:jquery
CVE-2019-1003075 Vulnerability in maven package org.jenkins-ci.plugins:audit2db
CVE-2014-1972 Vulnerability in maven package org.apache.tapestry:tapestry-core
CVE-2019-17359 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on