CVE-2020-1904Relative Path Traversal in Whatsapp Business FOR IOS

CWE-23Relative Path TraversalCWE-22Path Traversal3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.5%
top 36.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Facebook Whatsapp Business FOR IOSFacebook Whatsapp FOR IOSWhatsapp+1 more
Timeline
PublishedOct 6
Latest updateMay 24

Description

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5facebook/whatsapp_business_for_iosunspecified2.20.61+1
NVDwhatsapp/whatsapp< 2.20.61
CVEListV5facebook/whatsapp_for_iosunspecified2.20.61+1

🔴Vulnerability Details

2
GHSA
GHSA-v6f2-92p8-cg2q: A path validation issue in WhatsApp for iOS prior to v22022-05-24
CVEList
CVE-2020-1904: A path validation issue in WhatsApp for iOS prior to v22020-10-06
CVE-2020-1904 — Relative Path Traversal | cvebase