Today > 8 Critical | 1 High | 3 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-29733

April 21, 2024, 6:15 p.m.

Tags

Product(s) Impacted

Apache Airflow FTP Provider

  • before 3.7.0

Description

Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue.

Weaknesses

Date

Published: April 21, 2024, 6:15 p.m.

Last Modified: April 21, 2024, 6:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

References

https://docs.python.org/ security@apache.org
https://github.com/ security@apache.org
https://github.com/ security@apache.org
https://lists.apache.org/ security@apache.org