CVE-2021-28100

Published March 23rd, 2021

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

2.1

LOW

Affected

PROJECT

Description

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.

Netflix/security-bulletins

Security Bulletins that relate to Netflix Open Source

GitHub

746