CVE-2021-34426

Summary

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user's local system.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications IncKeybase Client for Windowsunspecified < 5.6.0affected

Weaknesses

  • Untrusted Search Path

ADP Enrichment

CVE Program Container

Additional References

References