VYPR

Maven package

org.apache.gobblin/gobblin-core

pkg:maven/org.apache.gobblin/gobblin-core

Vulnerabilities (2)

  • CVE-2021-36152CriFeb 4, 2022
    affected < 0.16.0fixed 0.16.0

    Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.

  • CVE-2021-36151MedFeb 4, 2022
    affected < 0.16.0fixed 0.16.0

    In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.