CVE-2021-34422

Name of the Vulnerable Software and Affected Versions Keybase Client for Windows versions prior to 5.7.0

Description The issue is related to a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name, potentially allowing a user to execute an application not intended on their host machine. This could lead to remote code execution, especially if the public folder sharing feature of the Keybase client is exploited.

Recommendations For versions prior to 5.7.0, update to version 5.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to shared folders and limiting the ability to upload files with specially crafted names until the update is applied.