{"id":"CVE-2021-34422","details":"The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.","modified":"2026-04-10T05:44:27.820477Z","published":"2021-11-11T23:15:10.143Z","references":[{"type":"ADVISORY","url":"https://explore.zoom.us/en/trust/security/security-bulletin"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/keybase/client","events":[{"introduced":"0"},{"fixed":"e3826b703a3df9c4bc041285e264f747da7795fa"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.7.0"}]}}],"versions":["0.1.1","0.1.2","0.1.3","0.1.6","0.1.7","0.1.8","0.8.1","1.0.0-28","dummy-build","help","trailing-comma-after","trailing-comma-before","v1.0.0-14","v1.0.0-15","v1.0.0-16","v1.0.0-17","v1.0.0-18","v1.0.0-19","v1.0.0-20","v1.0.0-21","v1.0.0-22","v1.0.0-23","v1.0.0-24","v1.0.0-25","v1.0.0-27","v1.0.0-28","v1.0.0-29","v1.0.0-29a","v1.0.0-29b","v1.0.0-29c","v1.0.0-29d","v1.0.0-29e","v1.0.0-29f","v1.0.0-29g","v1.0.0-30","v1.0.0-31","v1.0.0-32","v1.0.0-34","v1.0.0-35","v1.0.0-36","v1.0.0-37","v1.0.0-38","v1.0.0-39","v1.0.0-40","v1.0.0-41","v1.0.0-42","v1.0.0-43","v1.0.0-44","v1.0.0-45","v1.0.0-46","v1.0.0-47","v1.0.0-beta.1","v1.0.0-beta.8","v1.0.1-0","v1.0.12-0","v1.0.13-0","v1.0.14-0","v1.0.14-1","v1.0.15","v1.0.16","v1.0.17","v1.0.18","v1.0.19","v1.0.2-0","v1.0.20","v1.0.21","v1.0.22","v1.0.27","v1.0.28","v1.0.29","v1.0.3-0","v1.0.30","v1.0.31","v1.0.33","v1.0.34","v1.0.36","v1.0.39","v1.0.4-0","v1.0.4-4","v1.0.40","v1.0.41","v1.0.43","v1.0.44","v1.0.46","v1.0.47","v1.0.48","v1.0.5-0","v1.0.5-1","v1.0.5-2","v1.0.5-4","v1.0.5-5","v1.0.5-6","v1.0.5-6-windows","v1.0.5-7-windows","v1.0.6-0","v1.0.6-0-windows","v1.0.6-1","v1.0.6-1-windows","v1.0.7-0","v1.0.7-0-windows","v1.0.8-0","v1.0.8-0-windows","v1.0.9-0","v1.0.9-1","v2.0.0","v2.1.0","v2.3.0","v2.5.0","v2.6.0","v2.7.0","v2.8.0","v2.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34422.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}]}