Advisories for Npm/Cordova-Android package

2020

Improper Access Control

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

2018
2017

Inclusion of Sensitive Information in Log Files

Product: Apache Cordova Android. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android (Jelly Bean), …