Description
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
References
- Exploit, Technical Description, Third Party Advisory
- Third Party Advisory, VDB Entry
- Release Notes, Vendor Advisory
- Exploit, Technical Description, Third Party Advisory
- Third Party Advisory, VDB Entry
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1
Version up to 3.7.1 (inclusive)
One of
cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*
cpe:2.3:a:apache:cordova:4.0.0:*:*:*:*:android:*:*
cpe:2.3:a:apache:cordova:4.0.1:*:*:*:*:android:*:*
EPSS
Percentile: 70%
0.00625
Low
CVSS3: 5.3 Medium
CVSS2: 2.6 Low
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.