[
https://issues.apache.org/jira/browse/CB-12430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15861759#comment-15861759
]
Kerri Shotts commented on CB-12430:
-----------------------------------
The report indicates a specific call containing a URL redirection. Please
provide more information as to where the flaw was found, what specific
redirection is occurring, what version of Cordova and associated Cordova
platforms you are using, and what plugins (if any) you have in the project.
Do keep in mind that Cordova uses a web view, so at some point {{loadUrl}} is
going to be invoked. That in and of itself is not necessarily
problematic -- it is the app developer's responsibility to ensure that they
don't instruct Cordova to load malicious resources.
> URL Redirection to Untrusted Site ('Open Redirect')
> ----------------------------------------------------
>
> Key: CB-12430
> URL: https://issues.apache.org/jira/browse/CB-12430
> Project: Apache Cordova
> Issue Type: Bug
> Reporter: Sahil
>
> In a Veracode scan of the Android application, the following flaw was observed.
> Attack Vector: android.webkit.WebView.loadUrl
> Description: This call to android.webkit.WebView.loadUrl() contains a URL
> redirection to untrusted site flaw. Writing unsanitized user-supplied input
> into a URL value could cause the web application to redirect the request to
> the specified URL, leading to phishing attempts to steal user credentials.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
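
Added example (not part of the JIRA thread and not Cordova's own code): one way an app can check a user-supplied URL against an origin allowlist before it navigates the web view, which is the developer-side control the comment above refers to. The function name, the allowlist contents and the example.com hosts are assumptions made for illustration.

```javascript
// Hypothetical allowlist of exact origins (scheme + host + port) the app may load.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://login.example.com',
]);

// Hypothetical safe default used whenever the input is rejected.
const FALLBACK = 'https://app.example.com/';

// Returns a normalised URL that is safe to navigate to, or FALLBACK.
function safeNavigationTarget(input) {
  if (typeof input !== 'string') return FALLBACK;

  // Control characters and backslashes are normalised differently by
  // different URL parsers, so reject them instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(input)) return FALLBACK;

  let url;
  try {
    // No base argument: relative and scheme-relative ("//host") inputs throw.
    url = new URL(input);
  } catch (e) {
    return FALLBACK;
  }

  // Only https; this also excludes javascript:, data:, file: and intent: URLs.
  if (url.protocol !== 'https:') return FALLBACK;

  // "https://trusted@other-host/" puts the trusted name in userinfo, not host.
  if (url.username || url.password) return FALLBACK;

  // Compare the parsed origin exactly; never use substring or prefix matching
  // on the raw string ("https://app.example.com.other-host/" would pass).
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK;

  return url.href; // parsed, normalised form, not the raw input
}

// Constructed sample inputs, as they might arrive in a "next" or "redirect" parameter.
const samples = [
  'https://app.example.com/home?tab=1',
  'https://app.example.com@evil.example/',
  '//evil.example/',
];
for (const s of samples) console.log(JSON.stringify(s), '->', safeNavigationTarget(s));
```

The value returned by the function, rather than the original string, is what should be passed on to the navigation call.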