PT-2024-3221 · Apache · Apache Airflow FTP Provider

Eric Brown · Published 2024-03-18 · Updated 2025-07-10 · CVE-2024-29733

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Apache Airflow FTP Provider versions prior to 3.7.0

Description: The issue is improper certificate validation in FTP-over-TLS connections, which an attacker could leverage, with potential impact on the confidentiality, integrity, and availability of protected information. The FTP hook does not fully validate the server certificate, so a connection can be established to a peer whose certificate was never verified. Passing context=ssl.create_default_context() when instantiating FTP_TLS makes the client validate the certificate chain and hostname, and can be used as a mitigation.

Recommendations: To fix the issue, upgrade to version 3.7.0, which includes the necessary fixes for proper certificate validation. As a temporary workaround, pass context=ssl.create_default_context() when instantiating FTP_TLS so that certificates are validated properly.
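The following is an added example, not code from the advisory or from the Apache Airflow provider. It puts the unsafe instantiation beside the mitigated one using only Python's standard library: FTP_TLS() with no context falls back to a stdlib context that neither verifies the chain nor checks the hostname, while FTP_TLS(context=ssl.create_default_context()) requires a trusted chain and matching hostname. The helper names (make_ftps_client, audit_client, connect_ftps) and the audit dictionary are assumptions made for the example; nothing here contacts a server unless connect_ftps is called explicitly.

```python
"""Certificate validation for ftplib.FTP_TLS: the unsafe default beside the hardened form."""
import ssl
from ftplib import FTP_TLS


def make_ftps_client(validate_certs: bool) -> FTP_TLS:
    """Return an unconnected FTP_TLS client (no host given, so no network I/O happens).

    validate_certs=False reproduces the pre-3.7.0 hook behaviour the advisory describes:
    FTP_TLS() without a context accepts any server certificate.
    validate_certs=True applies the advisory's mitigation: ssl.create_default_context()
    loads the system trust store, sets CERT_REQUIRED and enables hostname checking.
    """
    if validate_certs:
        return FTP_TLS(context=ssl.create_default_context())
    return FTP_TLS()  # unsafe: peer certificate is accepted unconditionally


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context both requires a trusted chain and checks the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def audit_client(client: FTP_TLS) -> dict:
    """Summarise the TLS settings the client will apply when login()/auth() runs.

    Useful as a unit-test assertion in code that wraps FTP_TLS (hooks, connectors),
    so a regression to an unverified context is caught before deployment.
    """
    ctx = client.context
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": bool(ctx.check_hostname),
        "validates_peer": context_verifies_peer(ctx),
    }


def connect_ftps(host: str, user: str, password: str,
                 port: int = 21, timeout: float = 30.0) -> FTP_TLS:
    """Hardened connection helper (assumed shape, not Airflow's own hook).

    The validated context is fixed at construction time; login() issues AUTH TLS
    before sending credentials, and prot_p() protects the data channel as well.
    """
    client = FTP_TLS(context=ssl.create_default_context(), timeout=timeout)
    client.connect(host, port)
    client.login(user, password)
    client.prot_p()
    return client


if __name__ == "__main__":
    for flag in (False, True):
        print("validate_certs=%s -> %s" % (flag, audit_client(make_ftps_client(flag))))
```

Running the block prints the two audits side by side: the default client reports verify_mode CERT_NONE and check_hostname False, the mitigated one CERT_REQUIRED and True. The audit_client check is the part worth keeping in a test suite around any FTP_TLS wrapper, since the weak default is silent at runtime.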

Fix

Weakness Enumeration: Improper Certificate Validation

Related Identifiers

BDU:2024-03447
CVE-2024-29733
GHSA-3GG8-MC87-CQ3H

Affected Products

Apache Airflow FTP Provider