CVE-2020-1889

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0420%

EPSS Percentile38.58th

PublishedSep 3, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.

Affected Platforms (CPE)

📦

Whatsapp Desktop

< 0.3.4932

References & Advisories

🔗 https://www.whatsapp.com/security/advisories/2020/

Related Vulnerabilities

CVE-2021-240429.8

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS pr...

CVE-2021-240439.1

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2...

CVE-2019-184268.2

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allo...

CVE-2019-119286.1

An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on...