CVE-2024-25141
EUVD-2024-076020.02.2024, 21:15
When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | apache-airflow-providers-mongo | 1.0.0 ≤ 𝑥 < 4.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References