Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Cordova-Android 权限许可和访问控制漏洞
Vulnerability Description
Adobe PhoneGap是美国奥多比(Adobe)公司的一套开源的开发框架。Apache Cordova-Android是美国阿帕奇(Apache)软件基金会的一套可使用HTML、CSS和JavaScript开发基于Android的移动应用程序的平台,也是驱动PhoneGap的核心引擎。 Apache Cordova-Android 3.7.2及之前版本中存在安全漏洞,该漏洞源于程序使用远程服务器时没有正确实现JavaScript白名单保护机制。攻击者可借助特制的URI利用该漏洞绕过既定的访问限制。
CVSS Information
N/A
Vulnerability Type
N/A