Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Cordova和Adobe PhoneGap 权限许可和访问控制漏洞
Vulnerability Description
Adobe PhoneGap是美国奥多比(Adobe)公司的一套开源的开发框架。Apache Cordova是美国阿帕奇(Apache)软件基金会的一套可使用HTML、CSS和JavaScript开发移动应用程序的平台,也是驱动PhoneGap的核心引擎。 Apache Cordova 3.3.0及之前的版本和Adobe PhoneGap 2.9.0及之前的版本中存在安全漏洞。远程攻击者可借助执行IFRAME脚本的库克隆利用该漏洞绕过既定的基于事件桥的资源设备限制。
CVSS Information
N/A
Vulnerability Type
N/A