5 matches found
CVE-2021-28099
In Netflix OSS Hollow, since the Files.existsparent is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...
EUVD-2021-0635
Malware in sbrugna...
Insecure temporary file in Netflix OSS Hollow
ID: NFLX-2021-001 Title: Local information disclosure in Hollow Release Date: 2021-03-23 Credit: Security Researcher @JLLeitschuh Overview Security researcher @JLLeitschuh reported that Netflix Hollow a Netflix OSS project available here: https://github.com/Netflix/hollow writes to a local...
Design/Logic Flaw
In Netflix OSS Hollow, since the Files.existsparent is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...
CVE-2021-28099
In Netflix OSS Hollow, since the Files.existsparent is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...