Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://www.securityfocus.com/bid/69041

http://cordova.apache.org/announcements/2014/08/04/android-351.html

Related Vulnerabilities

CVE-2020-2190 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2022-46682 Vulnerability in maven package org.jenkins-ci.plugins:plot

CVE-2023-4918 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2012-0818 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs

CVE-2016-4465 Vulnerability in maven package org.apache.struts:struts2-core

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory