Facebook has patched a WhatsApp vulnerability that would have allowed attackers to read files from a user’s local file system. PerimeterX researcher Gal Weizman discovered the flaw when he found a gap in WhatsApp’s Content Security Policy (CSP) that allowed cross-site scripting (XSS) on the desktop app. The vulnerability received a CVSS 3.x base score of 8.2 (high severity). Although it could be exploited remotely, exploit attempts required user interaction to succeed.
Source: https://www.bleepingcomputer.com/news/security/whatsapp-bug-allowed-attackers-to-access-the-local-file-system/

