Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://www.securityfocus.com/bid/69041

http://cordova.apache.org/announcements/2014/08/04/android-351.html

Related Vulnerabilities

CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.freemarker

CVE-2022-44644 Vulnerability in maven package org.apache.linkis:linkis-metadata-query-service-jdbc

CVE-2023-32069 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui

CVE-2018-1272 Vulnerability in maven package org.springframework:spring-core

CVE-2020-17150 Vulnerability in npm package typescript-tslint-plugin

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory