Apache Software Foundation Apache Cordova Android vulnerabilities

CVE-2017-3160 [HIGH] CVE-2017-3160: After the Android platform is added to Cordova the first time, or after a project is created using t After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts imme

CVE-2016-6799 [HIGH] CWE-532 CVE-2016-6799: Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. M Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be re