2 matches found
CVE-2015-5204
CVE-2015-5204 affects the cordova-plugin-file-transfer for Android (versions 1.2.1 and earlier). The root cause is HTTP header injection via improper validation of the Filename argument, allowing an attacker to inject CRLF sequences and thus manipulate headers in the HTTP response. Documented imp...
CVE-2014-0072
CVE-2014-0072 affects the Apache Cordova File-Transfer stack on iOS. The File-Transfer plugin for iOS (Cordova 2.4.0–2.9.0) and the standalone File-Transfer plugin (org.apache.cordova.file-transfer) prior to 0.4.2 default the trustAllHosts option to true, allowing remote attackers to spoof SSL se...