URL Validation Flaw in WhatsApp for Android Affects Multiple Versions
CVE-2020-1890
7.5HIGH
What is CVE-2020-1890?
A vulnerability in WhatsApp for Android versions prior to v2.20.11 and WhatsApp Business for Android versions prior to v2.20.2 could allow an attacker to exploit a URL validation flaw. This issue may enable the recipient of a sticker message with specially crafted data to load an image from a URL controlled by the sender automatically, without requiring user consent. This behavior poses privacy risks and could be leveraged for malicious purposes.
Affected Version(s)
WhatsApp Business for Android 2.20.2
WhatsApp Business for Android < 2.20.2
WhatsApp for Android 2.20.11