Description
Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.
Remediation
References
https://lists.apache.org/thread/3bxf7rbf4zh95r78jtgth6gwhr5fyl2j
Related Vulnerabilities
CVE-2020-6429 Vulnerability in npm package electron
CVE-2016-7103 Vulnerability in maven package org.webjars.bower:jquery-ui
CVE-2023-31469 Vulnerability in maven package org.apache.streampipes:streampipes-rest
CVE-2023-34462 Vulnerability in maven package io.netty:netty-handler
CVE-2023-29202 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-macro-rss