Remote Code Execution Vulnerability in Apache Cordova for Android
CVE-2014-3502

Currently unrated

Key Information:

Vendor: Apache
Status: Cordova
Vendor: CVE Published:; 15 November 2014

Summary

The vulnerability permits remote attackers to exploit a weakness in Apache Cordova for Android prior to version 3.5.1. By utilizing a maliciously crafted URI scheme, attackers can manipulate Android intents to open and send data to arbitrary applications on the device. This could lead to unauthorized actions taken by the compromised applications, posing significant risks to user data and application integrity.

References

http://www.securityfocus.com/bid/69046

vdb-entryx_refsource_BID

http://cordova.apache.org/announcements/2014/08/04/androi...

x_refsource_CONFIRM

http://cordova.apache.org/announcements/2014/08/06/androi...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 15, 2014
Vulnerability Reserved
May 14, 2014