CVE-2014-1883

2014-03-0304:50:46

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-1883

adobe

phonegap

android

security vulnerability

remote code execution

nvd

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

Affected configurations

NVD

Node

adobephonegapRange≤2.5.0

adobephonegapMatch2.0.0

adobephonegapMatch2.0.0rc1

adobephonegapMatch2.1.0

adobephonegapMatch2.2.0

adobephonegapMatch2.2.0rc1

adobephonegapMatch2.2.0rc2

adobephonegapMatch2.3.0

adobephonegapMatch2.3.0rc1

adobephonegapMatch2.3.0rc2

adobephonegapMatch2.4.0

adobephonegapMatch2.4.0rc1

adobephonegapMatch2.5.0rc1

CPENameOperatorVersion
adobe:phonegapadobe phonegaple2.5.0
adobe:phonegapadobe phonegapeq2.0.0
adobe:phonegapadobe phonegapeq2.1.0
adobe:phonegapadobe phonegapeq2.2.0
adobe:phonegapadobe phonegapeq2.3.0
adobe:phonegapadobe phonegapeq2.4.0

CPE	Name	Operator	Version
adobe:phonegap	adobe phonegap	le	2.5.0
adobe:phonegap	adobe phonegap	eq	2.0.0
adobe:phonegap	adobe phonegap	eq	2.1.0
adobe:phonegap	adobe phonegap	eq	2.2.0
adobe:phonegap	adobe phonegap	eq	2.3.0
adobe:phonegap	adobe phonegap	eq	2.4.0