Vulnerability	Vulnerable Version
M Improper Certificate Validation apache-airflow-providers-smtp is a Provider for Apache Airflow. Implements apache-airflow-providers-smtp package Affected versions of this package are vulnerable to Improper Certificate Validation. Due to the improper validation in the SSL context, an attacker could potentially intercept the client's communication in a MITM position. This vulnerability allows for the acceptance of any server's X.509 certificate leading to possible disclosure of mail server credentials or mail content. Note: This is only exploitable if the default SSL context is being used. The attacker will need to inject themselves within the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications. How to fix Improper Certificate Validation? Upgrade `apache-airflow-providers-smtp` to version 1.3.0 or higher.	[,1.3.0)

Improper Certificate Validation

apache-airflow-providers-smtp is a Provider for Apache Airflow. Implements apache-airflow-providers-smtp package

Affected versions of this package are vulnerable to Improper Certificate Validation. Due to the improper validation in the SSL context, an attacker could potentially intercept the client's communication in a MITM position. This vulnerability allows for the acceptance of any server's X.509 certificate leading to possible disclosure of mail server credentials or mail content.

Note:

This is only exploitable if the default SSL context is being used. The attacker will need to inject themselves within the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications.

How to fix Improper Certificate Validation?

Upgrade apache-airflow-providers-smtp to version 1.3.0 or higher.

[,1.3.0)

Go back to all versions of this package