Filtered by vendor Netflix Subscriptions
Filtered by product Hollow Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-28099 1 Netflix 1 Hollow 2024-11-21 4.4 Medium
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.