cvedb.io
CVE-2015-5204
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-12-17T19:59:01.417 · Last modified 2026-06-17T00:28:40.150

Summary

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.

Affected products

apache — cordova_file_transfer

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.