oss-sec mailing list archives

CVE request: multiple issues in Apache Cordova/PhoneGap


From: David Jorm <djorm () redhat com>
Date: Mon, 03 Feb 2014 15:25:49 +1000

Multiple issues have been reported in Apache Cordova:

http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt

These issues have been discussed and acknowledged on the Cordova development list:

http://callback.markmail.org/message/5kkxyetx2mnywo7q?q=+list:org.apache.incubator.callback-dev&page=3#query:%20list%3Aorg.apache.incubator.callback-dev+page:3+mid:34bp7ejg7yt6dr2z+state:results

These issues also affect PhoneGap, the commercial product built by Adobe Systems, which is based on Apache Cordova. However, there is no indication that the Adobe CNA has assigned any CVE IDs to these issues. Given Apache Cordova is an open source project, I think it is in scope for CVE IDs to be assigned on the oss-security list.

Thanks
--
David Jorm / Red Hat Security Response Team

