Description
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
Remediation
References
http://cordova.apache.org/announcements/2014/08/04/android-351.html
http://www.securityfocus.com/bid/69041