CVE-2024-25141

Publication date

2024-02-20 20:30:28

Family

apache

State

PUBLISHED

Description

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.