Path Traversal in Facebook Whatsapp Business For Android
CVE-2021-24035
A lack of filename validation when unzipping archives in WhatsApp for Android prior to v2.21.8.13 and WhatsApp Business for Android prior to v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
EPSS: 0.005 (65.7th percentile)
Affected products
- Facebook Whatsapp Business For Android — versions unspecified
- Facebook Whatsapp For Android — versions unspecified
Weakness classification (CWE)
References
- www.whatsapp.com/security/advisories/2021/ (x_refsource_CONFIRM)