2 matches found
CVE-2021-28099
In Netflix OSS Hollow, since the Files.existsparent is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...
Netflix Hollow 安全特征问题漏洞
Netflix Hollow is a Java library and toolset from Netflix, Inc. for propagating in-memory datasets from a single producer to many consumers for high-performance read-only access. Netflix Hollow suffers from a security vulnerability that can be exploited by an attacker to pre-create directories wi...