Advertisement






Apache Cordova iOS 3.9.1 Arbitrary Plugin Execution

CVE Category Price Severity
CVE-2015-5208 CWE-276 Not specified High
Author Risk Exploitation Type Date
Raghav Kaushik High Local 2016-04-29
CPE
cpe:cpe:/a:apache:cordova:3.9.1
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.611256 0.90881

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016040177

Below is a copy:

Apache Cordova iOS 3.9.1 Arbitrary Plugin ExecutionCVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
An arbitrary plugin can be executed when a user clicks on a link.

Upgrade path:
Developers who are concerned about this issue should install version
4.0.0 or higher of the cordova-ios platform.

Credit:
This issue was discovered by Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.