CVE-2021-34422

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-34422
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34422.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-34422
Published
2021-11-11T23:15:10Z
Modified
2025-01-14T09:22:27.229281Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file with a specially crafted file name to a shared folder, which could allow a user to execute an application on their host machine that they did not intend to run. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.

References

Affected packages

Git / github.com/keybase/client

Affected ranges

Type
GIT
Repo
https://github.com/keybase/client
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.8.1

1.*

1.0.0-28

Other

dummy-build
help
trailing-comma-after
trailing-comma-before

v1.*

v1.0.0-14
v1.0.0-15
v1.0.0-16
v1.0.0-17
v1.0.0-18
v1.0.0-19
v1.0.0-20
v1.0.0-21
v1.0.0-22
v1.0.0-23
v1.0.0-24
v1.0.0-25
v1.0.0-27
v1.0.0-28
v1.0.0-29
v1.0.0-29a
v1.0.0-29b
v1.0.0-29c
v1.0.0-29d
v1.0.0-29e
v1.0.0-29f
v1.0.0-29g
v1.0.0-30
v1.0.0-31
v1.0.0-32
v1.0.0-34
v1.0.0-35
v1.0.0-36
v1.0.0-37
v1.0.0-38
v1.0.0-39
v1.0.0-40
v1.0.0-41
v1.0.0-42
v1.0.0-43
v1.0.0-44
v1.0.0-45
v1.0.0-46
v1.0.0-47
v1.0.0-beta.1
v1.0.0-beta.8
v1.0.1-0
v1.0.10-0
v1.0.12-0
v1.0.13-0
v1.0.14-0
v1.0.14-1
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2-0
v1.0.20
v1.0.21
v1.0.22
v1.0.27
v1.0.28
v1.0.29
v1.0.3-0
v1.0.30
v1.0.31
v1.0.33
v1.0.34
v1.0.36
v1.0.39
v1.0.4-0
v1.0.4-4
v1.0.40
v1.0.41
v1.0.43
v1.0.44
v1.0.46
v1.0.47
v1.0.48
v1.0.5-0
v1.0.5-1
v1.0.5-2
v1.0.5-4
v1.0.5-5
v1.0.5-6
v1.0.5-6-windows
v1.0.5-7-windows
v1.0.6-0
v1.0.6-0-windows
v1.0.6-1
v1.0.6-1-windows
v1.0.7-0
v1.0.7-0-windows
v1.0.8-0
v1.0.8-0-windows
v1.0.9-0
v1.0.9-1

v2.*

v2.0.0
v2.1.0
v2.3.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0