Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.
AV:N/AC:L/Au:N/C:P/I:P/A:PAdobe Phonegap
APPAdobe2.0.02.1.02.2.02.3.02.4.02.5.02.6.02.7.02.8.02.8.12.9.0≤ 2.9.0Apache Cordova
APPApache3.0.03.1.03.2.03.3.0≤ 3.3.0
Related vulnerabilities
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrow...
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of f...
After the Android platform is added to Cordova the first time, or after a project is created using the build s...
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer)...
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages pa...