Android applications created using Apache Cordova that use a remote server contain a vulnerability where whitelist restrictions are not properly applied. Improperly crafted URIs could be used to circumvent the whitelist, allowing for the execution of non-whitelisted Javascript. Versions 3.7.2 and below are affected.
468458d33746c0862b6ee47045cc0b4a5cc12550b39e5ec7f6aa2a3a16cc6bd8