ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) prior to 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 up to and including 2.9.0 might allow remote malicious users to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache cordova file transfer |
||
apache cordova |