Description
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
Remediation
References
http://cordova.apache.org/announcements/2014/08/04/android-351.html
http://www.securityfocus.com/bid/69041
Related Vulnerabilities
CVE-2019-1003061 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-cloudformation-plugin
CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:tomcat-jasper
CVE-2015-0886 Vulnerability in maven package org.mindrot:jbcrypt
CVE-2015-3191 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2017-7677 Vulnerability in maven package org.apache.ranger:ranger-hive-utils