Maven package
org.apache.gobblin/gobblin-core
pkg:maven/org.apache.gobblin/gobblin-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-36152 | Cri | 9.8 | < 0.16.0 | 0.16.0 | Feb 4, 2022 | Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. | |
| CVE-2021-36151 | Med | 5.5 | < 0.16.0 | 0.16.0 | Feb 4, 2022 | In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. |
- affected < 0.16.0fixed 0.16.0
Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.
- affected < 0.16.0fixed 0.16.0
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.