Lucene search

K

Veracode Vulnerability DatabaseVERACODE:3400

HistoryFeb 02, 2017 - 4:46 a.m.

Bypassing Device-Resource Restrictions

2017-02-0204:46:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

0.029 Low

EPSS

Percentile

90.8%

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects as demonstrated by certain cordova.require calls.

CPENameOperatorVersion
cordovale3.3.0

References

openwall.com/lists/oss-security/2014/02/07/9

packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt

seclists.org/bugtraq/2014/Jan/96

www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf

www.internetsociety.org/ndss2014/programme#session3

github.com/apache/cordova-ios/compare/7452c68c73d89285d51b06839dce1dfac8850004...d6fd0afdc430db947e257c0e80a8fcae2bee55bd

github.com/georgiev-martin/NoFrak/commit/df5cdc79766b6fa4ba78497532641ba1a5000812

0.029 Low

EPSS

Percentile

90.8%

Related for VERACODE:3400

cvelist1 prion1 cve1 ubuntucve1 nvd1