Apache Cordova iOS 3.9.1 Arbitrary Plugin Execution

2016.04.29

Credit: Muneaki Nishimura

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
cordova-ios 3.9.1 and below
Description:
An arbitrary plugin can be executed when a user clicks on a link.
Upgrade path:
Developers who are concerned about this issue should install version
4.0.0 or higher of the cordova-ios platform.
Credit:
This issue was discovered by Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apache Cordova iOS 3.9.1 Arbitrary Plugin Execution

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.