Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-C6PW-Q7F2-97HV
HistorySep 04, 2020 - 5:57 p.m.

Privilege Escalation in cordova-plugin-inappbrowser

2020-09-0417:57:43
Google
osv.dev
6

0.005 Low

EPSS

Percentile

76.5%

JSON

Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application’s webview using a specially crafted gap-iab: URI. This affects Cordova Android applications using the package.

Recommendation

Upgrade to version 3.1.0 or later.

CPENameOperatorVersion
cordova-plugin-inappbrowserlt3.1.0

Related

nvd 1
cve 1
prion 1
symantec 1
ibm 1
nodejs 1
cnvd 1
cvelist 1
veracode 1
github 1
oracle 3
nvd
nvd
CVE-2019-0219
2020-01-14 15:15:12
cve
cve
CVE-2019-0219
2020-01-14 15:15:12
prion
prion
Code injection
2020-01-14 15:15:00
symantec
symantec
Apache cordova-plugin-inappbrowser CVE-2019-0219 Privilege Escalation Vulnerability
2019-11-27 00:00:00
ibm
ibm
Security Bulletin: IBM MobileFirst Platform Foundation susceptible to privilege escalation on Android
2020-03-02 16:44:29
nodejs
nodejs
Privilege Escalation
2020-01-30 20:43:55
cnvd
cnvd
Apache Cordova Cross-Site Scripting Vulnerability
2022-04-22 00:00:00
cvelist
cvelist
CVE-2019-0219
2020-01-14 14:18:22
veracode
veracode
Privilege Escalation
2019-11-29 05:17:26
github
github
Privilege Escalation in cordova-plugin-inappbrowser
2020-09-04 17:57:43
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

0.005 Low

EPSS

Percentile

76.5%

JSON
Related for OSV:GHSA-C6PW-Q7F2-97HV
nvd1cve1prion1symantec1ibm1nodejs1cnvd1cvelist1veracode1github1oracle3