Path Traversal Vulnerability in WhatsApp for Android and WhatsApp Business for Android

CVE-2021-24035 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.

Learn more about our Cis Benchmark Audit For Google Android.