CVE-2019-3571Improper Encoding or Escaping of Output in Whatsapp Desktop

CWE-116Improper Encoding or Escaping of OutputCWE-20Improper Input Validation3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 53.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Facebook Whatsapp DesktopWhatsapp
Timeline
PublishedJul 16
Latest updateMay 24

Description

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5facebook/whatsapp_desktopunspecified0.3.3793+1
NVDwhatsapp/whatsapp< 0.3.3793

🔴Vulnerability Details

2
GHSA
GHSA-78r4-4fjf-6phv: An input validation issue affected WhatsApp Desktop versions prior to 02022-05-24
CVEList
CVE-2019-3571: An input validation issue affected WhatsApp Desktop versions prior to 02019-07-16
CVE-2019-3571 — Improper Encoding or Escaping of Output | cvebase