Lucene search
Sergey BobrovNODEJS:1467HistoryJan 30, 2020 - 8:43 p.m.
Privilege Escalation
2020-01-3020:43:55
Sergey Bobrov
www.npmjs.com
10
0.005 Low
EPSS
Percentile
76.4%
Overview
Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application’s webview using a specially crafted gap-iab: URI. This affects Cordova Android applications using the package.
Recommendation
Upgrade to version 3.1.0 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| cordova-plugin-inappbrowser | lt | 3.1.0 |
Related
cvelist
cvelist
CVE-2019-0219
2020-01-14 14:18:22
symantec
symantec
ibm
ibm
cnvd
cnvd
Apache Cordova Cross-Site Scripting Vulnerability
2022-04-22 00:00:00
veracode
veracode
Privilege Escalation
2019-11-29 05:17:26
osv
osv
Privilege Escalation in cordova-plugin-inappbrowser
2020-09-04 17:57:43
github
github
Privilege Escalation in cordova-plugin-inappbrowser
2020-09-04 17:57:43
cve
cve
CVE-2019-0219
2020-01-14 15:15:12
nvd
nvd
CVE-2019-0219
2020-01-14 15:15:12
prion
prion
Code injection
2020-01-14 15:15:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00