Versions of cordova-plugin-ionic-webview
prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app itself, thus escaping the iOS application sandbox and accessing local files.
Upgrade to version 2.2.0
CPE | Name | Operator | Version |
---|---|---|---|
cordova-plugin-ionic-webview | lt | 2.2.0 |