Noah Stapp

**Name of the Vulnerable Software and Affected Versions** apache-airflow-providers-mongo versions prior to 4.0.0 **Description** The issue arises when SSL is enabled for the Mongo Hook, and the default settings include `allow insecure`, which causes certificates not to be validated. This behavior is unexpected and undocumented. **Recommendations** For versions prior to 4.0.0, upgrade to version 4.0.0 to fix the issue. As a temporary workaround, consider disabling the SSL setting for the Mongo Hook until the upgrade is applied. Restrict access to the Mongo Hook to minimize the risk of exploitation. Avoid using the `allow insecure` setting in the affected configuration until the issue is resolved.