Lucene search
GoogleOSV:GHSA-XWJH-CP99-CJ8QHistoryFeb 12, 2019 - 3:36 p.m.
Path Traversal in cordova-plugin-ionic-webview
2019-02-1215:36:35
Google
osv.dev
11
0.003 Low
EPSS
Percentile
68.0%
Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app itself, thus escaping the iOS application sandbox and accessing local files.
Recommendation
Upgrade to version 2.2.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| cordova-plugin-ionic-webview | lt | 2.2.0 |
Related
nodejs
nodejs
Path Traversal
2018-12-12 18:28:19
osv
osv
CVE-2018-16202
2019-01-09 23:29:04
github
github
Path Traversal in cordova-plugin-ionic-webview
2019-02-12 15:36:35
prion
prion
Directory traversal
2019-01-09 23:29:00
cve
cve
CVE-2018-16202
2019-01-09 23:29:04
nvd
nvd
CVE-2018-16202
2019-01-09 23:29:04
jvn
jvn
JVN#69812763: cordova-plugin-ionic-webview vulnerable to path traversal
2018-12-21 00:00:00
JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal
2019-01-24 00:00:00
veracode
veracode
Directory Traversal
2018-12-19 01:38:31
cvelist
cvelist
CVE-2018-16202
2019-01-09 22:00:00
ics
ics
GE Gas Power ToolBoxST
2022-01-25 12:00:00