Vulnerabilities > Apache > Cordova > 3.7.0

DATE CVE VULNERABILITY TITLE RISK
2018-02-01 CVE-2017-3160 Unspecified vulnerability in Apache Cordova
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build.
network
high complexity
apache
7.4
2017-10-27 CVE-2015-1835 Improper Input Validation vulnerability in Apache Cordova
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
network
high complexity
apache CWE-20
5.3
2017-05-09 CVE-2016-6799 Information Exposure Through Log Files vulnerability in Apache Cordova
Product: Apache Cordova Android 5.2.2 and earlier.
network
low complexity
apache CWE-532
7.5
2016-05-09 CVE-2015-5208 Improper Input Validation vulnerability in Apache Cordova
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
local
low complexity
apache CWE-20
4.4
2016-05-09 CVE-2015-5207 Improper Access Control vulnerability in Apache Cordova
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
local
low complexity
apache CWE-284
5.3