CVE-2023-2507: GitHub - CleverTap/clevertap-cordova: CleverTap Cordova Plugin
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker.
This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.
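One way an app can validate deep link data before using it, shown as an added example (not code from the CleverTap plugin or its fix). The `myapp` scheme, the `promo` host, the parameter rules and the function names are assumptions chosen for illustration.

```javascript
// Added example, not the plugin's code. Scheme, host, parameter names and
// patterns below are assumptions; replace them with your app's own links.
const ALLOWED_SCHEMES = new Set(["myapp:"]);
const ALLOWED_HOSTS = new Set(["promo"]);
const PATH_RULE = /^(\/[A-Za-z0-9_-]{1,64}){0,8}$/;
const PARAM_RULES = new Map([
  ["id", /^[0-9]{1,10}$/],
  ["campaign", /^[A-Za-z0-9_-]{1,64}$/],
]);

// Returns { path, params } for an acceptable link, or null to reject it.
function parseDeepLink(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  // Control characters and whitespace are rejected, not silently stripped.
  if (/[\u0000-\u0020\u007f]/.test(raw)) return null;
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol) || !ALLOWED_HOSTS.has(url.hostname)) return null;
  if (url.username || url.password || url.port || url.hash) return null;
  if (!PATH_RULE.test(url.pathname)) return null;
  const params = {};
  // searchParams yields percent-decoded values, so encoded quotes are caught too.
  for (const [key, value] of url.searchParams) {
    const rule = PARAM_RULES.get(key);
    const seen = Object.prototype.hasOwnProperty.call(params, key);
    if (!rule || seen || !rule.test(value)) return null;
    params[key] = value;
  }
  return { path: url.pathname, params };
}

// Passes the link to app code as structured data; no script or HTML string
// is ever assembled from it.
function handleDeepLink(raw, onLink) {
  const link = parseDeepLink(raw);
  if (link === null) return false;
  onLink(link);
  return true;
}

// Constructed sample inputs.
for (const sample of [
  "myapp://promo/summer?id=42&campaign=spring_sale",
  "myapp://promo/summer?id=42');alert(1);//",
]) {
  console.log(sample, "->", handleDeepLink(sample, (l) => console.log(l)));
}
```

Rejecting anything outside the expected shape, rather than trying to escape it afterwards, keeps the handler's input limited to values the app already knows how to use.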
CleverTap Cordova Plugin
Introduction
The CleverTap Cordova Plugin for Mobile Customer Engagement and Analytics solutions.
For more information check out our website and documentation.
To get started, sign up here.
Supported Versions
- CleverTap Android SDK version 4.6.6
- CleverTap iOS SDK version 4.2.2
Installation and Quick Start
To install CleverTap for Cordova, follow the steps mentioned below:
When you create your CleverTap account, you will also get a -Test account. Use the -Test account for development and the main account for production.
Install the Plugin
Grab the Account ID and Token values from your CleverTap Dashboard -> Settings.
For Android Important
Starting with v2.0.0, the plugin uses FCM rather than GCM. To configure FCM, add your google-services.json to the root of your cordova project before you add the plugin.
The plugin uses an after plugin add hook script to configure your project for FCM.
If the google-services.json file is not present in your project when the script runs, FCM will not be configured properly and will not work.
Using Cordova
Ensure npm is installed: npm -g install npm
cordova plugin add https://github.com/CleverTap/clevertap-cordova.git --variable CLEVERTAP_ACCOUNT_ID="YOUR CLEVERTAP ACCOUNT ID" --variable CLEVERTAP_TOKEN="YOUR CLEVERTAP ACCOUNT TOKEN"
Using Ionic
ionic cordova plugin add clevertap-cordova@latest --variable CLEVERTAP_ACCOUNT_ID="YOUR CLEVERTAP ACCOUNT ID" --variable CLEVERTAP_TOKEN="YOUR CLEVERTAP ACCOUNT TOKEN"
For Ionic 5
npm install @ionic-native/clevertap --save
- Be sure to add CleverTap as a provider in your app module.
constructor(platform: Platform, statusBar: StatusBar, splashScreen: SplashScreen, clevertap: CleverTap) {
  platform.ready().then(() => {
    // Okay, so the platform is ready and our plugins are available.
    // Here you can do any higher level native things you might need.
    statusBar.styleDefault();
    splashScreen.hide();
    ...
    clevertap.setDebugLevel(2);
    // getCleverTapID() returns a Promise that resolves to the CleverTap ID.
    clevertap.getCleverTapID().then((id) => { console.log(id); });
    ...
  });
}
}
Integration
See our Technical Documentation for Android and Technical Documentation for iOS for instructions on integrating CleverTap into your app.
Documentation & Example
See our CleverTap Plugin Usage Documentation
See the included Example Cordova project for usage.
See the included Ionic Example project for usage.
Questions?
If you have questions or concerns, you can reach out to the CleverTap support team from the CleverTap Dashboard.
TroubleShooting Guide: Please refer here if you are facing common integration issues.