CVE-2019-0219
Summary
| CVE | CVE-2019-0219 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-14 15:15:00 UTC |
| Updated | 2022-07-25 18:15:00 UTC |
| Description | A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Cordova Inappbrowser | All | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.1 | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.2 | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.3 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 16.0.6 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 17.0.4 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 18.0.3 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 19.0.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | MLIST | lists.apache.org | Vendor Advisory |
| Oracle Critical Patch Update Advisory - July 2021 | N/A | www.oracle.com | |
| lists.apache.org/thread/4vtg0trdrh5203dktt4f3vkd5z2d5ndj | MISC | lists.apache.org | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| Oracle Critical Patch Update Advisory - April 2021 | MISC | www.oracle.com | |
| oss-security - CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android) | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 983822 Nodejs (npm) Security Update for cordova-plugin-inappbrowser (GHSA-c6pw-q7f2-97hv)