Vulnerability Description
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ionicframework | Ionic Web View | <= 1.2.1 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN60497148/index.htmlThird Party Advisory
- https://github.com/ionic-team/cordova-plugin-ionic-webviewThird Party Advisory
- https://jvn.jp/en/jp/JVN69812763/index.htmlThird Party Advisory
- https://www.npmjs.com/advisories/746Third Party Advisory
- http://jvn.jp/en/jp/JVN60497148/index.htmlThird Party Advisory
- https://github.com/ionic-team/cordova-plugin-ionic-webviewThird Party Advisory
- https://jvn.jp/en/jp/JVN69812763/index.htmlThird Party Advisory
- https://www.npmjs.com/advisories/746Third Party Advisory
FAQ
What is CVE-2018-16202?
CVE-2018-16202 is a vulnerability with a CVSS score of 8.6 (HIGH). Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitr...
How severe is CVE-2018-16202?
CVE-2018-16202 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16202?
Check the references section above for vendor advisories and patch information. Affected products include: Ionicframework Ionic Web View.