cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jcesarmobile (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (CB-11899) Veracode security vulnerability: Exposed Dangerous method or Function
Date Thu, 01 Dec 2016 09:05:59 GMT

     [ https://issues.apache.org/jira/browse/CB-11899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

jcesarmobile closed CB-11899.
-----------------------------
    Resolution: Duplicate
      Assignee: jcesarmobile

It's a duplicate of CB-11719

> Veracode security vulnerability: Exposed Dangerous method or Function
> ---------------------------------------------------------------------
>
>                 Key: CB-11899
>                 URL: https://issues.apache.org/jira/browse/CB-11899
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: CordovaJS
>            Reporter: Ajay Gupta
>            Assignee: jcesarmobile
>            Priority: Critical
>
> In a recent veracode scan oof one of the mobile applications, we found a high level vulnerability
in Cordova.  
> Exposed Dangerous Method or Function (CWE ID 749) 
> Description: The application provides an API or similar interface to a dangerous method
or function that is not property restricted.  Recommendation is to restrict the exposed API,
or avoid using the classes that exhibit the behavior.
> Instances found during static scan:  .../SystemWebViewEngine.java: 259



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message