CVE-2015-5204

Currently unrated

Key Information:

Vendor: Apache
Status: Cordova File Transfer
Vendor: CVE Published:; 17 December 2015

Summary

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.

References

https://cordova.apache.org/news/2015/09/21/file-transfer-...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/76832

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 17, 2015
Vulnerability Reserved
Jul 1, 2015