CVE-2021-28099
N/A
N/A
Summary
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Netflix OSS Hollow | All versions | affected |
Weaknesses
- Local Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.