Apache Cordova iOS 3.9.1 Access Bypass

2016.04.29

Credit: Muneaki Nishimura

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
cordova-ios 3.9.1 and below
Description:
Apache Cordova iOS contains 2 methods to bypass the URL access
restrictions provided by the whitelist. An attacker can use any of the
2 methods to load malicious resources in an app that uses a whitelist
to only load trusted resources.
Upgrade path:
Developers who are concerned about this issue should install version
4.0.0 or higher of the cordova-ios platform.
Credit:
This issue was discovered by Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apache Cordova iOS 3.9.1 Access Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.