PyPi: Apache-Airflow-Providers-Mongo

CVE-2024-25141

Safety vulnerability ID: 66701

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 20, 2024 Updated at Feb 26, 2025

Scan your Python projects for vulnerabilities →

Advisory

When SSL was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.

Affected package

apache-airflow-providers-mongo

Latest version: 5.0.1

Provider package apache-airflow-providers-mongo for Apache Airflow

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm
https://github.com/apache/airflow/commit/a5a6549e5b6609c8feeab992731854ebffddcd1c
https://github.com/apache/airflow/pull/37214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25141

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application