oss-sec mailing list archives
CVE request: multiple issues in Apache Cordova/PhoneGap
From: David Jorm <djorm () redhat com>
Date: Mon, 03 Feb 2014 15:25:49 +1000
Multiple issues have been reported in Apache Cordova: http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txtThese issues have been discussed and acknowledged on the Cordova development list:
http://callback.markmail.org/message/5kkxyetx2mnywo7q?q=+list:org.apache.incubator.callback-dev&page=3#query:%20list%3Aorg.apache.incubator.callback-dev+page:3+mid:34bp7ejg7yt6dr2z+state:resultsThese issues also affect PhoneGap, the commercial product built by Adobe Systems, which is based on Apache Cordova. However, there is no indication that the Adobe CNA has assigned any CVE IDs to these issues. Given Apache Cordova is an open source project, I think it is in scope for CVE IDs to be assigned on the oss-security list.
Thanks -- David Jorm / Red Hat Security Response Team
Current thread:
- CVE request: multiple issues in Apache Cordova/PhoneGap David Jorm (Feb 02)
- Re: CVE request: multiple issues in Apache Cordova/PhoneGap cve-assign (Feb 07)