CVE-2020-1890

Summary

A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp for Android2.20.11affected
FacebookWhatsApp for Androidunspecified < 2.20.11affected
FacebookWhatsApp Business for Android2.20.2affected
FacebookWhatsApp Business for Androidunspecified < 2.20.2affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References