CVE-2024-25141
Published
CVSS v3
9.1
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT
Description
When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.
Apache Airflow - A platform to programmatically author, schedule, and monitor workflows
GitHub