{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T19:05:17.352","vulnerabilities":[{"cve":{"id":"CVE-2021-34422","sourceIdentifier":"security@zoom.us","published":"2021-11-11T23:15:10.143","lastModified":"2024-11-21T06:10:22.270","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution."},{"lang":"es","value":"Keybase Client para Windows versiones anteriores a 5.7.0, contiene una vulnerabilidad de salto de ruta cuando comprueba el nombre de un archivo subido a una carpeta de equipo. Un usuario malicioso podría subir un archivo a una carpeta compartida con un nombre de archivo especialmente diseñado que podría permitir a un usuario ejecutar una aplicación que no estaba prevista en su máquina anfitriona. Si un usuario malicioso aprovechara este problema con la función de compartir carpetas públicas del cliente de Keybase, esto podría conllevar la ejecución de código remota"}],"metrics":{"cvssMetricV31":[{"source":"security@zoom.us","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:keybase:keybase:*:*:*:*:*:windows:*:*","versionEndExcluding":"5.7.0","matchCriteriaId":"BDDF516F-DBB2-411D-B91A-C1F19190C941"}]}]}],"references":[{"url":"https://explore.zoom.us/en/trust/security/security-bulletin","source":"security@zoom.us","tags":["Vendor Advisory"]},{"url":"https://explore.zoom.us/en/trust/security/security-bulletin","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}