- Vulnerability Information

102783
Apache Cordova / PhoneGap on Android / iOS Same-origin Policy Bypass
Context Dependent, Mobile Phone / Hand-held Device Input Manipulation
Loss of Integrity Third-Party Solution
Exploit Unknown No Vendor Response

- Vulnerability Description

Apache Cordova or PhoneGap contains a flaw that is due to the program not blocking third-party scripts included via <script> tags when their source domain is whitelisted, even if they execute in a different domain's origin. This may allow a context-dependent attacker to bypass the same-origin policy.

- Timeline

2014-01-24 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or vendor upgrades to correct this issue. However, the researchers who disclosed this issue have released 'NoFrak', which they claim fixes this vulnerability. As with all third-party solutions, ensure they come from a reliable source and are permitted under your company's security policy.

- References

- Vulnerability Author

Unknown or Incomplete
 

 
