oss-sec mailing list archives
CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)
From: Jesse <purplecabbage () gmail com>
Date: Wed, 27 Nov 2019 23:05:54 -0800
CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)
===

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:
Cordova Android applications using the InAppBrowser plugin (cordova-plugin-inappbrowser version 3.0.0 and below)

Description:
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

Upgrade path:
Developers who are concerned about this issue should install version 3.1.0 or higher of cordova-plugin-inappbrowser.

Mitigation Steps:
Upgrade plugin to 3.1.0 or higher and rebuild application, update deployments.

Credit:
Sergey Bobrov (Kaspersky Lab)
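One way to check a project against the upgrade path in the advisory above, as an added example that is not part of the original post or of Apache Cordova's code. It assumes the plugin is named in package.json, in a config.xml `<plugin>` tag (`spec` or `version` attribute), and in the installed plugin's own package.json; the function names and the sample project are constructed. A declared range such as `^3.0.0` is judged by its lowest version, so the installed version is the authoritative finding.

```javascript
const PLUGIN = 'cordova-plugin-inappbrowser';
const FIXED = [3, 1, 0]; // from the advisory: "3.1.0 or higher"

// First x.y.z of a version or range ("3.0.0", "^3.0.0", "~2.2.0").
// Returns null for specs that carry no leading version (git URLs, paths).
function lowestVersion(spec) {
  const m = /^[\^~>=v\s]*(\d+)\.(\d+)\.(\d+)/.exec(String(spec || ''));
  return m ? m.slice(1, 4).map(Number) : null;
}

function classify(spec) {
  const v = lowestVersion(spec);
  if (!v) return 'unknown'; // cannot tell from the spec; inspect manually
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i] ? 'upgrade' : 'ok';
  }
  return 'ok'; // exactly 3.1.0
}

// Each argument is the text of a file; pass '' for a file that is absent.
function auditProject({ packageJson, configXml, installedPackageJson }) {
  const findings = [];
  const add = (where, spec) => findings.push({ where, spec, status: classify(spec) });
  const pkg = JSON.parse(packageJson || '{}');
  for (const field of ['dependencies', 'devDependencies']) {
    const spec = pkg[field] && pkg[field][PLUGIN];
    if (spec) add(`package.json ${field}`, spec);
  }
  for (const tag of (configXml || '').match(/<plugin\b[^>]*>/g) || []) {
    if (!new RegExp(`\\bname=["']${PLUGIN}["']`).test(tag)) continue;
    const m = /\b(?:spec|version)=["']([^"']*)["']/.exec(tag);
    add('config.xml', m ? m[1] : '');
  }
  if (installedPackageJson) {
    add('installed plugin', JSON.parse(installedPackageJson).version);
  }
  return findings;
}

// Constructed sample project, not taken from any real application.
const SAMPLE = {
  packageJson: JSON.stringify({ dependencies: { [PLUGIN]: '^3.0.0' } }),
  configXml: '<widget id="com.example.app">\n' +
    `  <plugin name="${PLUGIN}" spec="^3.0.0" />\n</widget>`,
  installedPackageJson: JSON.stringify({ name: PLUGIN, version: '3.0.0' }),
};

console.log(auditProject(SAMPLE));
```

Any finding with status `upgrade` means the project pins or permits a version below 3.1.0; after upgrading, the application still has to be rebuilt and redeployed as the advisory states.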