CVE-2021-23521: 
Linux Debian vulnerability analysis and mitigation

CVE-2021-23521 is a link following vulnerability discovered in JUCE framework, an open-source cross-platform C++ application framework. The vulnerability was disclosed on January 26, 2022, and affects versions prior to 6.1.5. The issue occurs when processing maliciously crafted archives containing symbolic links (Snyk).

The vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. The vulnerable code exists in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object. When extracted, the symbolic link is followed outside of the target directory, allowing writing of arbitrary files on the target host. The vulnerability has been assigned a CVSS base score of 7.8 (high severity) by NVD and 5.5 (medium severity) by Snyk (Snyk).

When successfully exploited, this vulnerability can lead to a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. In some cases, this can allow an attacker to execute arbitrary code on the target system (Snyk).

The recommended mitigation is to upgrade JUCE framework to version 6.1.5 or higher, which contains the security fix for this vulnerability (Snyk).