Apache Cordova For Android Information Leakage Vulnerability (CVE-2014-3502)
Release date:
Updated on:
Affected Systems:
Apache Group Cordova <3.5.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69046
CVE (CAN) ID: CVE-2014-3502
Apache Cordova is a platform for building local mobile applications using HTML, CSS, and JavaScript.
Android applications built with Apache Cordova for Android 3.5.0 and other versions can start other applications by locating the tag or redirect webview to the Android target URL. If attackers can manipulate the HTML content of the Cordova application, you can create a link to enable other applications and send any data to these applications.
<* Source: David Kaplan
Roee Hay
Link: http://cordova.apache.org/announcements/2014/08/04/android-351.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://cordova.apache.org/
Http://cordova.apache.org/announcements/2014/08/04/android-351.html
For details about Apache Cordova, click here
Apache Cordova: click here
Develop Chrome Apps on the mobile platform using Apache Cordova
This article permanently updates the link address: