CVE-2020-1904

2020-10-0617:35:26

CWE-23

facebook

www.cve.org

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

JSON

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages.

CNA Affected

[
  {
    "product": "WhatsApp for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.20.61"
      },
      {
        "lessThan": "2.20.61",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp Business for iOS",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "2.20.61"
      },
      {
        "lessThan": "2.20.61",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.whatsapp.com/security/advisories/2020/