Moderate severity · NVD Advisory · Published Mar 23, 2021 · Updated Aug 3, 2024
CVE-2021-28099
Description
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.
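An added example (not Hollow's code and not taken from the advisory) that puts the check-then-create pattern named in the description beside a fail-closed alternative. The class and method names, the `blob-` prefix and the demo paths are assumptions, and the permission attributes assume a POSIX file system.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Random;
import java.util.Set;

public class TempFileHardening {
    // Weak pattern as the description states it (illustrative, not Hollow's source).
    static Path weak(Path parent) throws IOException {
        if (!Files.exists(parent)) {            // a directory another user pre-created passes this check
            Files.createDirectories(parent);    // and its existing (wide) permissions are kept
        }
        // java.util.Random is not a CSPRNG, so this name can be predicted.
        Path f = parent.resolve("blob-" + new Random().nextLong() + ".tmp");
        return Files.write(f, new byte[0]);
    }

    // Hardened pattern: no exists() check; creation itself is the check.
    static Path hardened(Path parent) throws IOException {
        FileAttribute<Set<PosixFilePermission>> dirOnlyOwner =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
        FileAttribute<Set<PosixFilePermission>> fileOnlyOwner =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        // createDirectory is atomic and throws FileAlreadyExistsException if anything
        // already sits at this path, so a pre-created directory is rejected, not reused.
        Files.createDirectory(parent, dirOnlyOwner);
        // createTempFile picks the name itself and fails rather than reuse an existing file.
        return Files.createTempFile(parent, "blob-", ".tmp", fileOnlyOwner);
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo location: a fresh private base directory under java.io.tmpdir.
        Path base = Files.createTempDirectory("hardening-demo-");
        Path parent = base.resolve("work");
        Path f = hardened(parent);
        System.out.println(f + " " + PosixFilePermissions.toString(Files.getPosixFilePermissions(f)));
        try {
            hardened(parent);                   // second call: the directory now exists
        } catch (FileAlreadyExistsException e) {
            System.out.println("rejected pre-existing directory: " + e.getFile());
        }
    }
}
```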
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.netflix.hollow:hollow (Maven) | <= 6.1.0 | — |
References
- github.com/advisories/GHSA-9295-mhf3-v33m (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-28099 (ghsa, ADVISORY)
- github.com/JLLeitschuh/security-research/security/advisories/GHSA-j83w-7qr9-wv86 (ghsa, WEB)
- github.com/Netflix/hollow/issues/502 (ghsa, WEB)
- github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md (ghsa, x_refsource_MISC, WEB)