Authorization Bypass Affecting cordova-ios Open this link in a new tab package, versions >=3.5.0 <4.0.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
21 Jun 2017
28 Oct 2014
How to fix?
cordova-ios to version 4.0.0 or higher.
cordova-ios is an iOS application library that allows for Cordova-based projects to be built for the iOS Platform.
Affected versions of the package are vulnerable to Authorization bypass. Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the whitelist. An attacker can use any of the 2 methods to load malicious resources in an app that uses a whitelist to only load trusted resources.