CVE-2020-1904
MEDIUMWhatsApp and WhatsApp Business < 2.20.61 - Path Traversal via Crafted Office File Attachments
Title source: llmDescription
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.whatsapp.com/security/advisories/2020/
Scores
CVSS v3
5.5
EPSS
0.0110
EPSS Percentile
61.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
CWE-23
Status
published
Products (2)
whatsapp/whatsapp
< 2.20.61
whatsapp/whatsapp_business
< 2.20.61
Published
Oct 06, 2020
Tracked Since
Feb 18, 2026