Apache · Apache Cordova Android · CVE-2015-1835
**Name of the Vulnerable Software and Affected Versions**
Apache Cordova Android versions prior to 3.7.2
Apache Cordova Android 4.x versions prior to 4.0.2
**Description**
The issue allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL, when an application does not set explicit values in config.xml.
**Recommendations**
For Apache Cordova Android versions prior to 3.7.2, update to version 3.7.2 or later.
For Apache Cordova Android 4.x versions prior to 4.0.2, update to version 4.0.2 or later.