1 results (0.002 seconds)
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28099
https://notcve.org/view.php?id=CVE-2021-28099
23 Mar 2021 — In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated. En Netflix OSS Hollow, dado que Files.exists(parent) se ejecuta antes de crear los directorios, un atacante puede crear previamente estos directorios con amplios permisos. Además, dado que se utiliza una fuente no seg... • https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md • CWE-330: Use of Insufficiently Random Values •