cordova-plugin-inappbrowser@0.2.3 vulnerabilities
Cordova InAppBrowser Plugin
latest version
6.0.0
latest non vulnerable version
first published
9 years ago
latest version published
1 years ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the cordova-plugin-inappbrowser package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
cordova-plugin-inappbrowser is a Cordova InAppBrowser Plugin. Affected versions of this package are vulnerable to Arbitrary Code Execution. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. How to fix Arbitrary Code Execution? Upgrade | <3.1.0 |
Affected versions of the package are vulnerable to Privilege Escalation. The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI. How to fix Privilege Escalation? Upgrade | <0.3.2 |