CVE-2021-24035

EPSS 1.1%CWE-23

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.

Affected products

Facebook · WhatsApp Business for Android Facebook · WhatsApp for Android

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.whatsapp.com/security/advisories/2021/