Lucene search
Mitsui Bussan Secure Directions, IncNODEJS:746HistoryDec 12, 2018 - 6:28 p.m.
Path Traversal
2018-12-1218:28:19
Mitsui Bussan Secure Directions, Inc
www.npmjs.com
5
0.003 Low
EPSS
Percentile
68.0%
Overview
Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app itself, thus escaping the iOS application sandbox and accessing local files.
Recommendation
Upgrade to version 2.2.0
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| cordova-plugin-ionic-webview | lt | 2.2.0 |
Related
osv
osv
CVE-2018-16202
2019-01-09 23:29:04
Path Traversal in cordova-plugin-ionic-webview
2019-02-12 15:36:35
github
github
Path Traversal in cordova-plugin-ionic-webview
2019-02-12 15:36:35
prion
prion
Directory traversal
2019-01-09 23:29:00
jvn
jvn
JVN#69812763: cordova-plugin-ionic-webview vulnerable to path traversal
2018-12-21 00:00:00
JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal
2019-01-24 00:00:00
veracode
veracode
Directory Traversal
2018-12-19 01:38:31
cvelist
cvelist
CVE-2018-16202
2019-01-09 22:00:00
cve
cve
CVE-2018-16202
2019-01-09 23:29:04
nvd
nvd
CVE-2018-16202
2019-01-09 23:29:04
ics
ics
GE Gas Power ToolBoxST
2022-01-25 12:00:00