Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal of file names in Keybase Client for Windows
Vulnerability Description
The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Keybase 路径遍历漏洞
Vulnerability Description
Keybase是一套基于PGP技术的、支持端到端加密的社交网络平台。 Keybase Client for Windows 5.7.0之前版本存在安全漏洞,攻击者可利用该漏洞使用精心编制的文件名将文件上载到共享文件夹,导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A