Security Advisory

CVE-2021-28099

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-23 20:28:52

Last updated 2024-08-03 21:33:17

Assigner netflix

State PUBLISHED

Description

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.

← Browse all CVEs View on cve.org ↗