Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69041

Related Vulnerabilities

CVE-2015-8862 Vulnerability in maven package org.webjars.npm:mustache

CVE-2011-1184 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2020-5403 Vulnerability in maven package io.projectreactor.netty:reactor-netty

CVE-2022-36917 Vulnerability in maven package org.jenkins-ci.plugins:google-cloud-backup

CVE-2014-1869 Vulnerability in npm package zeroclipboard

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory