16 matches found
EUVD-2017-12292
Malware in sbrugna...
CVE-2020-11990
We have resolved a security issue in the camera plugin that could have affected certain Cordova Android applications. An attacker who could install or lead the victim to install a specially crafted or malicious Android application would be able to access pictures taken with the app externally...
GHSA-GWPF-62XP-VRG6 Information Exposure in cordova-android
Versions of cordova-android prior to 6.0.0 are vulnerable to Information Exposure through log files. The application calls methods of the Log class. Messages passed to these methods Log.v, Log.d, Log.i, Log.w, and Log.e are stored in a series of circular buffers on the device. By default, a maxim...
Information Exposure in cordova-android
Versions of cordova-android prior to 6.0.0 are vulnerable to Information Exposure through log files. The application calls methods of the Log class. Messages passed to these methods Log.v, Log.d, Log.i, Log.w, and Log.e are stored in a series of circular buffers on the device. By default, a maxim...
GHSA-C6PW-Q7F2-97HV Privilege Escalation in cordova-plugin-inappbrowser
Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android...
Information Exposure
Overview: Versions of cordova-android prior to 6.0.0 are vulnerable to Information Exposure through log files. The application calls methods of the Log class. Messages passed to these methods Log.v, Log.d, Log.i, Log.w, and Log.e are stored in a series of circular buffers on the device. By default...
Man-in-the-Middle (MitM)
cordova-android is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible because the Gradle distribution is downloaded using http, not https. This download happens when the project is built using scripts, the first build or the first time Android is added to cordova...
Denial of service
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...
CVE-2017-3160
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...
Apache Cordova Android Information Disclosure Vulnerability
Adobe PhoneGap is a set of open source development frameworks from the US company Adobe. Apache Cordova Android is a set of platforms from the US-based Apache Software Foundation that can be used in the development of Android-based mobile applicatio...
Apache Cordova Android Improper Random Value Generation Vulnerability
Apache Cordova Android is an open source project, the core code from PhoneGap after its contribution to Apache. It is the core engine that drives PhoneGap, giving mobile applications JavaScript access to native device functionality such as the camera, microphone and so on. Apache...
CVE-2015-5256
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI...
CVE-2015-5256
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI...
CVE-2015-8320
Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value...
Information disclosure
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent...
CVE-2014-3502
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent...