CVE-2015-5204
Apache Cordova File Transfer Plugin <1.3.0 - CRLF Injection
Title source: llmDescription
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://cordova.apache.org/news/2015/09/21/file-transfer-release.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76832
Scores
EPSS
0.0101
EPSS Percentile
77.4%
Details
Status
published
Products (1)
apache/cordova_file_transfer
< 1.2.1
Published
Dec 17, 2015
Tracked Since
Feb 18, 2026