Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.7 views

CVE-2021-28099

In Netflix OSS Hollow, since the Files.existsparent is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...

4.4CVSS6.7AI score0.00243EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/03/29 6:25 p.m.4 views

com.github.igorperikov:hollow-maven-plugin (>=0.1.1 <=1.0.1), com.netflix.hollow:hollow-diff-ui (>=2.0.0 <=6.1.0) +8 more potentially affected by CVE-2021-28099 via com.netflix.hollow:hollow (>=2.0.0 <=6.1.0)

com.netflix.hollow:hollow MAVEN version =2.0.0, =0.1.1, =2.0.0, =2.5.0, =2.0.0, =4.3.0, =2.16.0, =2.5.0, =2.0.0, =0.1.0, =0.1.0, =2.0.0 Source cves: CVE-2021-28099 Source advisory: OSV:GHSA-9295-MHF3-V33M...

4.4CVSS5.8AI score0.00243EPSS
Exploits0
OSV
OSV
added 2021/03/23 9:15 p.m.5 views

CVE-2021-28099

In Netflix OSS Hollow, since the Files.existsparent is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...

4.4CVSS5.8AI score0.00243EPSS
Exploits0References1
CVE
CVE
added 2021/03/23 8:28 p.m.97 views

CVE-2021-28099

The provided connected documents confirm CVE-2021-28099 affects Netflix OSS Hollow. The vulnerability arises because Hollow calls Files.exists(parent) before creating directories, enabling an attacker who can create directories to pre-create the target directory with wide permissions. Additionall...

4.4CVSS4.6AI score0.00243EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder