Remote Plugin Execution Vulnerability in Apache Cordova for iOS
CVE-2015-5208

4.4MEDIUM

Key Information:

Vendor

Apache
Status
Cordova
Vendor
CVE Published:
9 May 2016

What is CVE-2015-5208?

Prior to version 4.0.0, Apache Cordova for iOS is susceptible to a vulnerability that enables remote attackers to execute arbitrary plugins through crafted links. This flaw poses significant security risks as it could allow unauthorized access to sensitive functionality within the application, compromising user data and system integrity. It is crucial for developers using affected versions to implement immediate updates and proper security measures to mitigate potential exploits.

References

https://cordova.apache.org/announcements/2016/04/27/secur...
x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN41772178/index.html
third-party-advisoryx_refsource_JVN
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000059.html
third-party-advisoryx_refsource_JVNDB

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.