{"schema_version": "1.6.1", "id": "CVE-2024-25141", "summary": "Certificate validation isn't respected even if SSL is enabled for apache-airflow-providers-mongo ", "details": "When ssl was enabled for Mongo Hook, default settings included \"allow_insecure\" which caused that certificates were not validated. This was unexpected and undocumented.\nUsers are recommended to upgrade to version 4.0.0, which fixes this issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.0.0"}, {"fixed": "4.0.0"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/airflow/pull/37214"}, {"type": "WEB", "url": "https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm"}]}