CVE-2020-1889

2020-09-0321:10:18

CWE-265

facebook

www.cve.org

10 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.

CNA Affected

[
  {
    "product": "WhatsApp Desktop",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "0.3.4932"
      },
      {
        "lessThan": "0.3.4932",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.whatsapp.com/security/advisories/2020/