Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Remediation

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69041

Related Vulnerabilities

CVE-2017-1000503 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-38695 Vulnerability in npm package @simonsmith/cypress-image-snapshot

CVE-2020-2150 Vulnerability in maven package org.jenkins-ci.plugins:quality-gates

CVE-2020-1945 Vulnerability in maven package org.apache.ant:ant

CVE-2012-5886 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

Severity

Critical

Classification

CWE-254

Tags

Vendor Advisory