cordova-commits mailing list archives

From ton...@apache.org
Subject [1/2] docs commit: added CVE announcement blog post
Date Wed, 27 Apr 2016 21:32:16 GMT
Repository: cordova-docs
Updated Branches:
  refs/heads/master c7bcd83d8 -> 9c0225952


added CVE announcement blog post


Project: http://git-wip-us.apache.org/repos/asf/cordova-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-docs/commit/bdf815c3
Tree: http://git-wip-us.apache.org/repos/asf/cordova-docs/tree/bdf815c3
Diff: http://git-wip-us.apache.org/repos/asf/cordova-docs/diff/bdf815c3

Branch: refs/heads/master
Commit: bdf815c3f8709b5ff122e509e95e9a9d347e70cd
Parents: c7bcd83
Author: Tony Homer <tony.homer@intel.com>
Authored: Wed Apr 27 17:06:33 2016 -0400
Committer: Tony Homer <tony.homer@intel.com>
Committed: Wed Apr 27 17:06:33 2016 -0400

----------------------------------------------------------------------
 www/_posts/2016-04-27-security.md | 50 ++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/bdf815c3/www/_posts/2016-04-27-security.md
----------------------------------------------------------------------
diff --git a/www/_posts/2016-04-27-security.md b/www/_posts/2016-04-27-security.md
new file mode 100644
index 0000000..827fb22
--- /dev/null
+++ b/www/_posts/2016-04-27-security.md
@@ -0,0 +1,50 @@
+---
+layout: post
+author:
+    name: Tony Homer
+    url: https://github.com/tony--
+title:  "CVE announcements for Cordova iOS"
+categories: announcements
+tags: news releases security
+---
+
+CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
+
+Severity: 
+High
+
+Vendor: 
+The Apache Software Foundation
+
+Versions Affected:
+cordova-ios 3.9.2 and below
+
+Description:
+Apache Cordova iOS contains 2 methods to bypass the URL access restrictions provided by the
whitelist. An attacker can use any of the 2 methods to load malicious resources in an app
that uses a whitelist to only load trusted resources.
+
+Upgrade path:
+Developers who are concerned about this issue should install version 4.0.0 or higher of the
cordova-ios platform.
+
+Credit:
+This issue was discovered by Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.
+____
+
+CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS
+
+Severity: 
+High
+
+Vendor: 
+The Apache Software Foundation
+
+Versions Affected:
+cordova-ios 3.9.2 and below
+
+Description:
+An arbitrary plugin can be executed when a user clicks on a link.
+
+Upgrade path:
+Developers who are concerned about this issue should install version 4.0.0 or higher of the
cordova-ios platform.
+
+Credit:
+This issue was discovered by Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.
\ No newline at end of file
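
Review bot: In both "Upgrade path:" paragraphs, the wording "Developers who are concerned about this issue should install version 4.0.0 or higher" reads as optional, although each advisory is marked "Severity: High"; consider stating directly that apps built with cordova-ios 3.9.2 and below should upgrade to 4.0.0 or higher. The Description for CVE-2015-5207 refers to "2 methods" without naming them, and the Description for CVE-2015-5208 is a single sentence, so a link to the full advisory under each entry would help readers judge their exposure. The file also ends without a trailing newline.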

