Описание
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.20.11 (исключая)Версия до 2.20.2 (исключая)
Одно из
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*
cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*
EPSS
Процентиль: 73%
0.00752
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20
CWE-20
Связанные уязвимости
github
больше 3 лет назад
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
EPSS
Процентиль: 73%
0.00752
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20
CWE-20