GHSA-x5pm-h33q-cjrw

Suggest an improvement
Source
https://github.com/advisories/GHSA-x5pm-h33q-cjrw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-x5pm-h33q-cjrw/GHSA-x5pm-h33q-cjrw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x5pm-h33q-cjrw
Aliases
  • CVE-2024-25141
Published
2024-02-20T21:30:26Z
Modified
2024-02-21T02:42:11.519178Z
Summary
Improper Certificate Validation in apache airflow mongo hook
Details

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.

References

Affected packages

PyPI / apache-airflow-providers-mongo

Package

Name
apache-airflow-providers-mongo
View open source insights on deps.dev
Purl
pkg:pypi/apache-airflow-providers-mongo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.0

Affected versions

1.*

1.0.0b1
1.0.0b2
1.0.0rc1
1.0.0
1.0.1rc1
1.0.1

2.*

2.0.0rc1
2.0.0rc2
2.0.0
2.1.0rc1
2.1.0
2.2.0rc1
2.2.0
2.3.0rc1
2.3.0
2.3.1rc1
2.3.1
2.3.2rc1
2.3.2
2.3.3rc1
2.3.3

3.*

3.0.0rc1
3.0.0rc2
3.0.0
3.1.0rc1
3.1.0
3.1.1rc1
3.1.1
3.2.0rc1
3.2.0rc2
3.2.0
3.2.1rc1
3.2.1
3.2.2rc1
3.2.2
3.3.0rc1
3.3.0
3.4.0rc1
3.4.0
3.5.0rc1
3.5.0
3.6.0rc1
3.6.0rc2
3.6.0

4.*

4.0.0rc1