Apache Cordova · Cordova-Plugin-Ionic-Webview · CVE-2018-16202
**Name of the Vulnerable Software and Affected Versions**
cordova-plugin-ionic-webview versions prior to 2.2.0
**Description**
The issue is related to a directory traversal vulnerability in the cordova-plugin-ionic-webview, which allows remote attackers to access arbitrary files via unspecified vectors. This vulnerability is due to insufficient restrictions on directory path names, enabling a remote attacker to access local files that should be inaccessible to third-party applications. The package launches a web server listening on http://localhost:8080 without restricting access, thus escaping the iOS application sandbox and accessing local files.
**Recommendations**
Upgrade to version 2.2.0