HIGH🇵🇱 Wersja polska

CVE-2014-1882

CVSS 7.5v2.0pub. 2014-03-03upd. 2026-04-29

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Adobe Phonegap

    APP
    Adobe
    2.0.02.1.02.2.02.3.02.4.02.5.02.6.02.7.02.8.02.8.12.9.0≤ 2.9.0
  • Apache Cordova

    APP
    Apache
    3.0.03.1.03.2.03.3.0≤ 3.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2014-0073CRITICAL9.8ten sam produkt

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrow...

CVE-2021-21315HIGH7.1⚠ KEVten sam produkt

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of f...

CVE-2017-3160HIGH7.4ten sam produkt

After the Android platform is added to Cordova the first time, or after a project is created using the build s...

CVE-2014-0072HIGH7.5ten sam produkt

ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer)...

CVE-2016-6799HIGH7.5ten sam produkt

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages pa...