Vulnerability Details CVE-2018-16202
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.4%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 5.0
References
- http://jvn.jp/en/jp/JVN60497148/index.html
- https://github.com/ionic-team/cordova-plugin-ionic-webview
- https://jvn.jp/en/jp/JVN69812763/index.html
- https://www.npmjs.com/advisories/746
- http://jvn.jp/en/jp/JVN60497148/index.html
- https://github.com/ionic-team/cordova-plugin-ionic-webview
- https://jvn.jp/en/jp/JVN69812763/index.html
- https://www.npmjs.com/advisories/746
Products affected by CVE-2018-16202
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.10
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.11
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.12
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.13
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.14
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.15
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.16
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.19
-
cpe:2.3:a:ionicframework:ionic_web_view:1.1.9
-
cpe:2.3:a:ionicframework:ionic_web_view:1.2.1
-
cpe:2.3:a:ionicframework:ionic_web_view:2.0.0
-
cpe:2.3:a:ionicframework:ionic_web_view:2.0.1
-
cpe:2.3:a:ionicframework:ionic_web_view:2.0.2
-
cpe:2.3:a:ionicframework:ionic_web_view:2.0.3
-
cpe:2.3:a:ionicframework:ionic_web_view:2.1.0
-
cpe:2.3:a:ionicframework:ionic_web_view:2.1.1
-
cpe:2.3:a:ionicframework:ionic_web_view:2.1.2
-
cpe:2.3:a:ionicframework:ionic_web_view:2.1.3
-
cpe:2.3:a:ionicframework:ionic_web_view:2.1.4