| |
Vulnerability CVE-2020-1904
Published: 2020-10-06
| Description: |
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlx, and pptx files as attachments to messages. |
Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5.8/10 |
4.9/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
Partial |
References: |
https://www.whatsapp.com/security/advisories/2020/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
