CVE-2021-24035

2021-06-1103:35:10

CWE-23

facebook

www.cve.org

filename validation

unzipping archives

whatsapp for android

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.

CNA Affected

[
  {
    "product": "WhatsApp Business for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.8.13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WhatsApp for Android",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "v2.21.8.13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.whatsapp.com/security/advisories/2021/