My app not pass in pentest because my webview is no security. They return this info "Remote Code Execution em WebView RCE - CVE-2013-4710".
I need information for resolve this problem and distribute my app.
Thanks for help.
how to avoid remote code execution in webview appcelerator?
195 Views Asked by Felipe At
1
There are 1 best solutions below
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in WEBVIEW
- Android jetpack compose webview, image selector not works
- After progressbar load website is not loading in android webview
- Awaited promise for navigator.mediaDevices.getUserMedia neither resolves or throws an error
- Flutter WebViewWidget inside StatefulWidget does not dispose
- Crash : org.chromium.android_webview.AwDataDirLock.b
- Tauri Build Error unterminated character in import
- Update your browser to use...in android webview application
- Face Recognition in Windows Logon
- Flutter Webview translate the page
- Prevent checking checkbox input in contentEditable from stealing focus from editor in Android webview?
- Touch Problem with slider on Android 12 compared to Android 8 in vuejs webapp in WebView
- Asset file not being included on older versions of Android
- Unable to Trigger JavaScript Actions in WKWebView for W3Schools "Try it Yourself" Button (iOS/UIKIT)
- TadingView Charts in Flutter Dart are responsive on App
- Flutter webview fails to load Urls with error 'ERR_INVALID_RESPONSE' on Android but works on iOS
Related Questions in APPCELERATOR
- Appcelerator Platform support error in adhoc build of Titanium mobile
- How to connect Stripe terminal bluetooth reader to Android app using Appcelerator Titanium
- Incorrect Data Being Retrieved on ListView Click in Titanium
- Appcelerator Device Token converted to FCM token
- Appcelerator APP with add's, using AdMob or StartApp
- appcelerator ERROR | Bad response from login (incorrect user data), please try again
- Can't login with appc login
- Unable to start emulator in CMD first Appcelerator project
- Npm strange bug, Titanium Appc Alloy
- How to publish Appcelerator app to google playstore / Apple store?
- Appcelerator titanium alloy build error build fail CopySwiftLibs
- Does APNs provider API requirement starts March 31 notice applicable to Appcelerator Mobile Backend Services
- Titanium ios build error: The folder “Headers” doesn’t exist
- Appcelerator app, iOS reviewer rejected app build for issue not present in the Simulator
- Appcelerator Titanium iOS Background Service Stop 30 Seconds
Related Questions in TITANIUM-ALLOY
- JSON Parse Error: Unexpected Identifier "undefined" in Titanium-based iOS Application
- Npm strange bug, Titanium Appc Alloy
- Appcelerator titanium alloy build error build fail CopySwiftLibs
- JavaScript ES6 setInterval in a static class method
- Updating an application from titanium sdk 3.4.0.GA to 9.2.0.GA making my fonts looks very very small
- How to remove white color circular border in google devices like pixel
- how to avoid remote code execution in webview appcelerator?
- Titanium Module (is there any module or support of App dynamics for titanium appcelrator)
- Alloy compiler failed but classic Titanium works
- Appcelerator Notification createRemoteViews click event listener
- Where is the leak in HTTPClient
- Titanium http request leak
- Why does Titanium Alloy have so many leaks?
- Titanium ListView template conditional rendering
- Titanium Alloy ImageView from applicationDataDirectory
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
CVE-2013-4710 is a vulnerability in WebView, you can find the issue here: https://www.cvedetails.com/cve/CVE-2013-4710/ it looks like it affects really old versions of Android (3.x - 4.x) and the current version is 10.x. From what I can gather, the fix is to not use an old version of Android. If your app is using a new version of Android, then this might be a false positive in the tool used to scan your app. What tool said you had the issue?