Moderate severity · NVD Advisory · Published Mar 23, 2021 · Updated Aug 3, 2024

CVE-2021-28099

Description

In Netflix OSS Hollow, Files.exists(parent) is run before the directories are created, so an attacker can pre-create these directories with wide permissions. Additionally, because an insecure source of randomness is used, the names of the files to be created can be deterministically calculated.
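
An added example (not Hollow's code) that puts the pattern described above beside a hardened form. It assumes a POSIX file system; the class, method and path names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Random;
import java.util.Set;

public class TempFileExample {
    // Weak pattern from the description (illustrative, not Hollow's source).
    static Path weak(Path parent) throws IOException {
        if (!Files.exists(parent)) {             // check ...
            Files.createDirectories(parent);     // ... then create: a directory that
        }                                        // already exists is trusted as-is
        // java.util.Random is predictable, so the file name can be computed in advance.
        String name = "blob-" + Long.toHexString(new Random().nextLong());
        return Files.write(parent.resolve(name), new byte[0]); // reuses an existing path
    }

    // Hardened: owner-only directory, validated if it pre-exists, exclusive create.
    static Path hardened(Path parent) throws IOException {
        Set<PosixFilePermission> dirPerms = PosixFilePermissions.fromString("rwx------");
        try {
            // Single call: fails instead of silently adopting an existing directory.
            Files.createDirectory(parent, PosixFilePermissions.asFileAttribute(dirPerms));
        } catch (FileAlreadyExistsException e) {
            PosixFileAttributes a = Files.readAttributes(
                    parent, PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
            UserPrincipal me = parent.getFileSystem().getUserPrincipalLookupService()
                    .lookupPrincipalByName(System.getProperty("user.name"));
            Set<PosixFilePermission> p = a.permissions();
            if (!a.isDirectory() || !a.owner().equals(me)
                    || p.contains(PosixFilePermission.GROUP_WRITE)
                    || p.contains(PosixFilePermission.OTHERS_WRITE)) {
                throw new IOException("refusing untrusted directory: " + parent);
            }
        }
        // createTempFile picks an unpredictable name and creates the file exclusively,
        // so a file planted at the same path makes creation retry rather than reuse it.
        return Files.createTempFile(parent, "blob-", ".tmp",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo path; java.io.tmpdir itself must already exist.
        Path dir = Paths.get(System.getProperty("java.io.tmpdir"),
                "hollow-example-" + System.getProperty("user.name"));
        Path f = hardened(dir);
        System.out.println("created " + f + " " + Files.getPosixFilePermissions(f));
        Files.delete(f);
    }
}
```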

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| com.netflix.hollow:hollow (Maven) | <= 6.1.0 | |
