CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android) ===
Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Cordova Android applications using the InAppBrowser plugin ( cordova-plugin-inappbrowser version 3.0.0 and below ) Description: A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. Upgrade path: Developers who are concerned about this issue should install version 3.1.0 or higher of cordova-plugin-inappbrowser Mitigation Steps: Upgrade plugin to 3.1.0 or higher and rebuild application, update deployments. Credit: Sergey Bobrov (Kaspersky Lab)
