ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NApache Cordova
APPApache2.4.0 – 2.9.0Apache Cordova File Transfer
APPApache≤ 0.4.1
Related vulnerabilities
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrow...
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of f...
After the Android platform is added to Cordova the first time, or after a project is created using the build s...
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages pa...
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intende...