2015-11-25 Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5256 あらら。