Improper Whitelist Implementation in Apache Cordova-Android
CVE-2015-5256
Currently unrated
Summary
This vulnerability in Apache Cordova-Android versions prior to 4.1.0 arises from an inadequate implementation of the JavaScript whitelist protection mechanism. Attackers can exploit this flaw to bypass intended access restrictions when an application relies on connections to a remote server. By crafting a malicious URI, an attacker can gain unauthorized access, potentially leading to the execution of harmful scripts or fetching sensitive data from the vulnerable application.
Timeline
Vulnerability published
Vulnerability reserved