CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2015-5204 – Apache Cordova Android File Transfer Plugin 1.2.1 Header Injection
https://notcve.org/view.php?id=CVE-2015-5204
25 Sep 2015 — CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. Vulnerabilidad de inyección CRLF en Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) para Android en versiones anteriores a 1.3.0 permite a atacantes remotos inyectar cabeceras arbitrarias a través de secuencias CRLF en el nombre de archivo de un archivo car... • http://www.securityfocus.com/bid/76832 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2014-0072 – Apache Cordova 2.9.0 File-Transfer Insecure Defaults
https://notcve.org/view.php?id=CVE-2014-0072
05 Mar 2014 — ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option. ios/CDVFileTransfer.m en el plugin independiente Apache Cordova File-Transfer (org.apache.cordova.file-transfer) en versiones anteriores a la 0.4.2 para iOS y el plugin File-Transfer para iOS ... • http://d3adend.org/blog/?p=403 • CWE-20: Improper Input Validation •