threat
engine
.sh
Back
·
··:··
Home
/
Product
/
apache cordova
Product
apache cordova
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-21315
all versions
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve
7.1
HIGH
CVE-2020-11990
all versions
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacke
3.3
LOW
CVE-2017-3160
< 6.1.2
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts
7.4
HIGH
CVE-2014-0073
>= 2.6.0 and <= 2.9.0
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 fo
9.8
CRITICAL
CVE-2014-0072
>= 2.4.0 and <= 2.9.0
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iO
7.5
HIGH
CVE-2015-1835
<= 3.7.1
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows r
5.3
MEDIUM
CVE-2016-6799
<= 5.2.2
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these method
7.5
HIGH
CVE-2015-5208
<= 3.9.1
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
4.4
MEDIUM
CVE-2015-5207
<= 3.9.1
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary
5.3
MEDIUM
CVE-2015-8320
<= 3.6.4
Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers
CVE-2015-5256
<= 3.6.4
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist p
CVE-2014-3502
all versions
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a craft
CVE-2014-3501
all versions
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using
CVE-2014-3500
<= 3.5.0
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
CVE-2014-1884
<= 3.3.0
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation
CVE-2014-1882
<= 3.3.0
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource re
CVE-2014-1881
<= 3.3.0
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource re
CVE-2012-6637
<= 3.3.0
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, wh
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin