Insecure Temporary File in horovod/horovod
Jan 8th 2022
horovod package is using the deprecated function
tempfile.mktemp() which is not secure. Because a different process may create a file with this name in the time between the call to
mktemp() and the subsequent attempt to create the file by the first process.
Availability will get affected because of this vulnerability.
mkstemp() instead of