CRITICAL🇬🇧 English

CVE-2020-1889

CVSS 10.0v3.1pub. 2020-09-03upd. 2024-11-21

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Whatsapp Desktop

    APP
    Whatsapp
    < 0.3.4932
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2019-11928MEDIUM6.1ten sam produkt

An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site script...

CVE-2019-3568CRITICAL9.8⚠ KEVten sam vendor

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted ser...

CVE-2022-36934CRITICAL9.8ten sam vendor

An integer overflow in WhatsApp could result in remote code execution in an established video call.

CVE-2021-24043CRITICAL9.1ten sam vendor

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business fo...

CVE-2021-24042CRITICAL9.8ten sam vendor

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23,...