CVE-2015-5204

4 documents4 sources

Severity

4.3MEDIUM

EPSS

1.0%

top 22.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Cordova File Transfer

Timeline

PublishedDec 17

Latest updateMay 17

Description

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/cordova_file_transfer1.2.1

🔴Vulnerability Details

GHSA

GHSA-5cr8-pc55-3vrc: CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1↗2022-05-17

▶

CVEList

CVE-2015-5204: CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1↗2015-12-17

▶

💥Exploits & PoCs

Exploit-DB

AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation↗2015-02-04

▶