CVE-2021-28100: Netflix/Priam: Temporary Directory Information Disclosure

March 30, 2021

Priam uses File.createTempFile, which gives the permissions on that file -rw-r–r–. An attacker with read access to the local filesystem can read anything written there by the Priam process.

References

github.com/JLLeitschuh/security-research/security/advisories/GHSA-f4jh-ww96-9h9j
github.com/advisories/GHSA-f4jh-ww96-9h9j

Code Behaviors & Features

Detect and mitigate CVE-2021-28100 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →