A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
Max CVSS
9.1
EPSS Score
0.10%
Published
2021-06-11
Updated
2021-06-21
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages.
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-10-06
Updated
2022-02-05
2 vulnerabilities found