
CVE-2023-2507: GitHub - CleverTap/clevertap-cordova: CleverTap Cordova Plugin

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker.

This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.
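The missing check described above, sketched as an added example; it is not code from the plugin or from CleverTap. The scheme, route names, event name and helper names are assumptions for illustration, and `cordova.fireDocumentEvent` is Cordova's standard way of delivering an event to the page.

```javascript
// Added illustration with hypothetical app values; not CleverTap's code.
const ALLOWED_SCHEMES = new Set(["myapp:"]);        // assumed app scheme
const ALLOWED_HOSTS = new Set(["open", "product"]); // assumed deeplink routes
const EVENT = "onDeepLink";                         // assumed event name

// Return the normalized deeplink, or null if it fails the allowlist.
function validateDeeplink(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  if (/[\u0000-\u001f\u007f]/.test(raw)) return null; // control characters
  let url;
  try { url = new URL(raw); } catch { return null; }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  return url.href;
}

// Weak pattern: deeplink text is pasted into script source, so a quote in
// the link ends the string literal and the rest is parsed as code.
function unsafeEventScript(raw) {
  return "cordova.fireDocumentEvent('" + EVENT + "', {'deeplink':'" + raw + "'});";
}

// Hardened: validate first, then pass the link as serialized data.
// JSON.stringify escapes quotes and backslashes; "<", U+2028 and U+2029 are
// escaped as well for HTML embedding and older JavaScript engines.
function safeEventScript(raw) {
  const url = validateDeeplink(raw);
  if (url === null) return null;
  const data = JSON.stringify({ deeplink: url })
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return "cordova.fireDocumentEvent('" + EVENT + "', " + data + ");";
}

// Stand-in for the WebView: run a script against a stub `cordova` object and
// report the events delivered and whether the canary object was modified.
function simulateWebView(script) {
  const events = [];
  const canary = { touched: false };
  const cordova = { fireDocumentEvent: (type, data) => events.push({ type, data }) };
  new Function("cordova", "canary", script)(cordova, canary);
  return { events, injected: canary.touched };
}

// Constructed test input: an allowlisted deeplink whose query contains a quote.
const SAMPLE = "myapp://open?x='});canary.touched=true;({'a':'";
console.log("unsafe:", simulateWebView(unsafeEventScript(SAMPLE)).injected);
console.log("safe:  ", simulateWebView(safeEventScript(SAMPLE)).injected);
```

The sample passes the scheme and host allowlist and still carries a quote, which is why the link has to be serialized as data at the point of use and not only validated.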


CleverTap Cordova Plugin

👋 Introduction

The CleverTap Cordova Plugin for Mobile Customer Engagement and Analytics solutions.

For more information check out our website and documentation.

To get started, sign up here.

✅ Supported Versions

  • CleverTap Android SDK version 4.6.6
  • CleverTap iOS SDK version 4.2.2

🚀 Installation and Quick Start

To install CleverTap for Cordova, follow the steps mentioned below:

When you create your CleverTap account, you will also get a -Test account. Use the -Test account for development and the main account for production.

Install the Plugin

Grab the Account ID and Token values from your CleverTap Dashboard -> Settings.

For Android Important

Starting with v2.0.0, the plugin uses FCM rather than GCM. To configure FCM, add your google-services.json to the root of your Cordova project before you add the plugin.
The plugin uses an after plugin add hook script to configure your project for FCM.
If the google-services.json file is not present in your project when the script runs, FCM will not be configured properly and will not work.

Using Cordova

Ensure npm is installed: npm -g install npm

cordova plugin add https://github.com/CleverTap/clevertap-cordova.git --variable CLEVERTAP_ACCOUNT_ID="YOUR CLEVERTAP ACCOUNT ID" --variable CLEVERTAP_TOKEN="YOUR CLEVERTAP ACCOUNT TOKEN"

Using Ionic

ionic cordova plugin add clevertap-cordova@latest --variable CLEVERTAP_ACCOUNT_ID="YOUR CLEVERTAP ACCOUNT ID" --variable CLEVERTAP_TOKEN="YOUR CLEVERTAP ACCOUNT TOKEN"

For Ionic 5

npm install @ionic-native/clevertap --save

  • Be sure to add CleverTap as a provider in your app module.

  constructor(platform: Platform, statusBar: StatusBar, splashScreen: SplashScreen, clevertap: CleverTap) {
    platform.ready().then(() => {
      // Okay, so the platform is ready and our plugins are available.
      // Here you can do any higher level native things you might need.
      statusBar.styleDefault();
      splashScreen.hide();

      ...
      clevertap.setDebugLevel(2);
      // getCleverTapID() returns a Promise that resolves to the CleverTap ID.
      clevertap.getCleverTapID().then((id) => { console.log(id); });
      ...
    });
  }
}

🛠 Integration

See our Technical Documentation for Android and Technical Documentation for iOS for instructions on integrating CleverTap into your app.

📑 Documentation & Example

  • See our CleverTap Plugin Usage Documentation

  • See the included Example Cordova project for usage.

  • See the included Ionic Example project for usage.

โ‰๏ธ Questions?

If you have questions or concerns, you can reach out to the CleverTap support team from the CleverTap Dashboard.

Troubleshooting Guide: Please refer here if you are facing common integration issues.

Related news

GHSA-x2ph-qqwm-9cc6: CleverTap Cordova plugin vulnerable to Cross-site Scripting

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.
