CVE-2020-1890Improper Input Validation in Whatsapp Business FOR Android

CWE-20Improper Input Validation5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 26.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Facebook Whatsapp Business FOR AndroidFacebook Whatsapp FOR AndroidWhatsapp+1 more
Timeline
PublishedSep 3
Latest updateMay 24

Description

A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5facebook/whatsapp_business_for_androidunspecified2.20.2+1
CVEListV5facebook/whatsapp_for_androidunspecified2.20.11+1
NVDwhatsapp/whatsapp< 2.20.11

🔴Vulnerability Details

2
GHSA
GHSA-rxc8-w9g4-8cjw: A URL validation issue in WhatsApp for Android prior to v22022-05-24
CVEList
CVE-2020-1890: A URL validation issue in WhatsApp for Android prior to v22020-09-03

💬Community

2
Bugzilla
CVE-2020-14814 mysql: Server: DML unspecified vulnerability (CPU Oct 2020)2020-10-22
Bugzilla
CVE-2020-14804 mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)2020-10-22
CVE-2020-1890 — Improper Input Validation | cvebase