Description

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.

Remediation

References

http://www.securityfocus.com/bid/76832

https://cordova.apache.org/news/2015/09/21/file-transfer-release.html

Related Vulnerabilities

CVE-2021-21350 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-cdc-mysql-processors

CVE-2013-6397 Vulnerability in maven package org.apache.solr:solr-velocity

CVE-2023-34040 Vulnerability in maven package org.springframework.kafka:spring-kafka

CVE-2023-49299 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master

Severity

Critical

Tags

Vendor Advisory NVD-CWE-Other