CVE-2023-39441
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by a certificate validation weakness in the OpenSSL-based SSL context. The default SSL context did not verify server X.509 certificates, allowing an attacker in a MIT...