exploitDog

CVE-2021-28099

Опубликовано: 23 мар. 2021

Источник: nvd

CVSS3: 4.4

CVSS2: 3.6

EPSS Низкий

Описание

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.

Ссылки

https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md
Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netflix:hollow:-:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

4.4 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-330

Связанные уязвимости

GHSA-9295-mhf3-v33m

CVSS3: 4.4

github

почти 5 лет назад

Insecure temporary file in Netflix OSS Hollow

EPSS

Процентиль: 10%

0.00035

Низкий

4.4 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-330