URL Validation Flaw in WhatsApp for Android Affects Multiple Versions
CVE-2020-1890

7.5HIGH

Key Information:

Vendor: Facebook
Status: WhatSAPp For Android; WhatSAPp Business For Android
Vendor: CVE Published:; 3 September 2020

What is CVE-2020-1890?

A vulnerability in WhatsApp for Android versions prior to v2.20.11 and WhatsApp Business for Android versions prior to v2.20.2 could allow an attacker to exploit a URL validation flaw. This issue may enable the recipient of a sticker message with specially crafted data to load an image from a URL controlled by the sender automatically, without requiring user consent. This behavior poses privacy risks and could be leveraged for malicious purposes.

Affected Version(s)

WhatsApp Business for Android 2.20.2

WhatsApp Business for Android < 2.20.2

WhatsApp for Android 2.20.11

References

https://www.whatsapp.com/security/advisories/2020

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 3, 2020
Vulnerability Reserved
Dec 2, 2019

Facebook

What is CVE-2020-1890?

Affected Version(s)

References

CVSS V3.1

Timeline