cordova-ios@3.6.1 vulnerabilities

cordova-ios release

Direct Vulnerabilities

Known vulnerabilities in the cordova-ios package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Authorization Bypass

cordova-ios is an iOS application library that allows for Cordova-based projects to be built for the iOS Platform.

Affected versions of the package are vulnerable to Authorization bypass. Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the whitelist. An attacker can use any of the 2 methods to load malicious resources in an app that uses a whitelist to only load trusted resources.

How to fix Authorization Bypass?

Upgrade cordova-ios to version 4.0.0 or higher.

>=3.5.0 <4.0.0
  • M
Arbitrary execution

cordova-ios is an iOS application library that allows for Cordova-based projects to be built for the iOS Platform.

Affected versions of the package are vulnerable to Arbitrary Code Execution. A malicious plugin can be executed when a user clicks on a link.

How to fix Arbitrary execution?

Upgrade cordova-ios to version 4.0.0 or higher.

>=3.5.0 <4.0.0