CRLF Injection Vulnerability in Apache Cordova File Transfer Plugin for Android
CVE-2015-5204
Currently unrated
Summary
A CRLF injection vulnerability exists in the Apache Cordova File Transfer Plugin for Android in versions prior to 1.3.0. Remote attackers can inject arbitrary HTTP headers by placing CRLF sequences in the filename of an uploaded file. Exploitation could potentially lead to unauthorized actions on behalf of the user; developers should update to the latest version to mitigate this risk.
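An added illustration of the flaw class described in the summary, not code from the plugin or the Cordova project: a multipart part header built from an unchecked filename, next to a checked version. The function names, the `file` field name and the sample filename are assumptions constructed for this example.

```javascript
'use strict';
// Added example; hypothetical helpers, not the plugin's implementation.

// Constructed sample: a filename that carries a CR/LF pair.
const CONSTRUCTED_NAME = 'photo.jpg\r\nX-Injected: 1';

// Unchecked: the filename is copied into the header as-is, so any
// CR/LF inside it ends the header line early and starts a new one.
function naivePartHeader(fileKey, fileName) {
  return `Content-Disposition: form-data; name="${fileKey}"; filename="${fileName}"\r\n`;
}

// Checked: refuse control characters (CR and LF included) and
// percent-encode the double quote so the value cannot leave its quotes.
function safeHeaderValue(value) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new TypeError('header value must be a non-empty string');
  }
  if (/[\u0000-\u001f\u007f]/.test(value)) {
    throw new RangeError('control character in header value');
  }
  return value.replace(/"/g, '%22');
}

function hardenedPartHeader(fileKey, fileName) {
  return 'Content-Disposition: form-data; ' +
    `name="${safeHeaderValue(fileKey)}"; ` +
    `filename="${safeHeaderValue(fileName)}"\r\n`;
}

// Header lines as a receiver splitting on CRLF would see them.
function headerLines(block) {
  return block.split('\r\n').filter((line) => line.length > 0);
}

// Returns true when the hardened builder rejects the value.
function isRejected(fileName) {
  try {
    hardenedPartHeader('file', fileName);
    return false;
  } catch (err) {
    return err instanceof RangeError;
  }
}
```

With the constructed filename, the unchecked builder yields two header lines where one was intended, while the checked builder refuses the value before any bytes are written.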
References
Timeline
Vulnerability published
Vulnerability Reserved