CVE-2021-34422

Summary

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications IncKeybase Client for Windowsunspecified < 5.7.0affected

Weaknesses

  • Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References