Information Exposure Affecting cordova-android package, versions <3.5.1
Threat Intelligence
EPSS
0.25% (66th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID npm:cordova-android:20140804-2
- published 21 Jun 2017
- disclosed 3 Aug 2014
- credit David Kaplan, Roee Hay
Introduced: 3 Aug 2014
CVE-2014-3502 Open this link in a new tabHow to fix?
Upgrade cordova-android
to version 3.5.1 or higher.
Overview
cordova-android
is an Android application library that allows for Cordova-based projects to be built for the Android Platform.
Affected versions of the package are vulnerable to Information Exposure. This allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
References
CVSS Scores
version 3.1