Critical severityNVD Advisory· Published Jan 14, 2020· Updated Aug 4, 2024

CVE-2019-0219

Description

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
cordova-plugin-inappbrowsernpm	< 3.1.0	3.1.0

Affected products

Apache/Cordovav5
Range: Cordova Android applications using the InAppBrowser plugin ( cordova-plugin-inappbrowser version 3.0.0 and below )

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-c6pw-q7f2-97hvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-0219ghsaADVISORY
www.openwall.com/lists/oss-security/2019/11/28/1ghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/197482d5ab80c0bff4a5ec16e1b0466df38389d9a4b5331d777f14fc%40%3Cdev.cordova.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread/4vtg0trdrh5203dktt4f3vkd5z2d5ndjghsax_refsource_MISCWEB
www.npmjs.com/advisories/1467ghsaWEB
www.oracle.com//security-alerts/cpujul2021.htmlghsax_refsource_MISCWEB
www.oracle.com/security-alerts/cpuApr2021.htmlghsax_refsource_MISCWEB
www.oracle.com/security-alerts/cpujul2022.htmlghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000