The Apache Software Foundationからの情報
脆弱性識別番号:JVN#18889193
脆弱性タイトル:Apache Cordova におけるアクセス制限不備の脆弱性
ステータス:該当製品あり
以下の情報は、製品開発者から JVN に提供されたものです。
CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions on Android
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Cordova Android 3.7.2 and earlier
Description: Android applications created using Apache Cordova that use a remote server contain a vulnerability where whitelist restrictions are not properly applied. Improperly crafted URIs could be used to circumvent the whitelist, allowing for the execution of non-whitelisted Javascript.
Upgrade path: Developers who are concerned about this should rebuild their applications with Cordova Android 4.1.1. Developers using remote content roots should also use SSL, as well as Content Source Policy to further mitigate this issue.
Credit: Muneaki Nishimura of Sony Digital Network Applications, Inc
