Directory Traversal Vulnerability in Cordova Plugin Ionic Webview by Ionic
CVE-2018-16202

8.6HIGH

Key Information:

Vendor

Npm, Inc.

Status
Cordova-plugin-ionic-webview
Vendor
CVE Published:
9 January 2019

What is CVE-2018-16202?

A directory traversal vulnerability exists in the cordova-plugin-ionic-webview, allowing remote attackers to exploit unspecified vectors to gain access to arbitrary files on the server. This vulnerability affects specific versions of the plugin prior to 2.2.0, creating potential security risks for applications that utilize it. Users are strongly recommended to upgrade to the latest version to mitigate these risks and ensure the integrity of their systems.

Affected Version(s)

cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0)

References

https://jvn.jp/en/jp/JVN69812763/index.html
third-party-advisoryx_refsource_JVN
https://github.com/ionic-team/cordova-plugin-ionic-webview
x_refsource_MISC
https://www.npmjs.com/advisories/746
x_refsource_MISC

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.