QID 983822
QID 983822: Nodejs (npm) Security Update for cordova-plugin-inappbrowser (GHSA-c6pw-q7f2-97hv)
Versions of `cordova-plugin-inappbrowser` prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android applications using the package. ## Recommendation Upgrade to version 3.1.0 or later.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-c6pw-q7f2-97hv for updates pertaining to this vulnerability.
Vendor References
- GHSA-c6pw-q7f2-97hv -
github.com/advisories/GHSA-c6pw-q7f2-97hv
CVEs related to QID 983822
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-c6pw-q7f2-97hv | cordova-plugin-inappbrowser |
|