cordova-plugin-inappbrowser@3.0.0

Vulnerabilities

1 via 1 paths

Dependencies

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Arbitrary Code Execution

  • Vulnerable module: cordova-plugin-inappbrowser
  • Introduced through: cordova-plugin-inappbrowser@3.0.0

Detailed paths

  • Introduced through: cordova-plugin-inappbrowser@3.0.0
    Remediation: Upgrade to cordova-plugin-inappbrowser@3.1.0.

Overview

cordova-plugin-inappbrowser is a Cordova InAppBrowser Plugin.

Affected versions of this package are vulnerable to Arbitrary Code Execution. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

Remediation

Upgrade cordova-plugin-inappbrowser to version 3.1.0 or higher.

References