VYPR

Maven package

com.netflix.hollow/hollow

pkg:maven/com.netflix.hollow/hollow

Vulnerabilities (1)

  • CVE-2021-28099Mar 23, 2021
    affected <= 6.1.0

    In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically ca