Apache Cordova Android File Transfer plugin versions 1.2.1 and below suffer from an HTTP header injection vulnerability.