CVE-2021-28099

CVE-2021-28099

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.

Source: CVE-2021-28099

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다