The vulnerability of the cordova-plugin-ionic-webview plugin, related to deficiencies in path name restrictions, allows attackers to gain access to arbitrary files.

The vulnerability of the cordova-plugin-ionic-webview plugin is related to deficiencies in path name restrictions for directories. Exploiting this vulnerability could allow an attacker to gain access to arbitrary files...

JVN#60497148: "an" App for iOS vulnerable to directory traversal

"an" App for iOS provided by PERSOL CAREER CO., LTD. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...

JVN#11622218: iChain Insurance Wallet App for iOS vulnerable to directory traversal

iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device...

@evan.network/angular-gulp (>=1.2.3 <=2.1.3), @evan.network/ui-angular-libs (=1.1.0) +10 more potentially affected by CVE-2018-16202 via cordova-plugin-ionic-webview (=1.2.1)

cordova-plugin-ionic-webview NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on cordova-plugin-ionic-webview and may be impacted: - @evan.network/angular-gulp =1.2.3, =0.0.1, =0.0.1, =5.0.1, =0.0.8, =0.0.1, =0.0.1, =1.0.0, =0.0.1, =0.0....

Path Traversal in cordova-plugin-ionic-webview

Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app...

GHSA-XWJH-CP99-CJ8Q Path Traversal in cordova-plugin-ionic-webview

Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app...

JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal

HOUSE GATE App for iOS provided by HOUSE GATE inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...

CVE-2018-16202

Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0 allows remote attackers to access arbitrary files via unspecified vectors...

CVE-2018-16202

Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0 allows remote attackers to access arbitrary files via unspecified vectors...

Directory traversal

Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0 allows remote attackers to access arbitrary files via unspecified vectors...

CVE-2018-16202

CVE-2018-16202 is a directory/path traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.*). The issue enables access to local files from a compromised app, via vulnerable path handling in the package (and related Ionic ZIP parsing behavior) tha...

cordova-plugin-ionic-webview vulnerable to path traversal

Overview cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . This vulnerability was first reported to npm, Inc. by the below reporters then also reported to IPA. Based on the coordination request made by the reporters, JPCERT/CC coordinated with npm...

JVN#69812763: cordova-plugin-ionic-webview vulnerable to path traversal

cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a result, contents of the file may be disclosed. Solution Recreate iOS application...