Apache Cordova
By the Year
In 2024 there have been 0 vulnerabilities in Apache Cordova . Cordova did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.80 |
| 2020 | 1 | 3.30 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Cordova vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Cordova Security Vulnerabilities
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware
CVE-2021-21315
7.8 - High
- February 16, 2021
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
Shell injection
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications
CVE-2020-11990
3.3 - Low
- December 01, 2020
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Cordova or by Apache? Click the Watch button to subscribe.
