apache-airflow is a platform to programmatically author, schedule, and monitor workflows.
Affected versions of this package are vulnerable to Improper Certificate Validation. The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) was misconfigured and contained improper checking of exceptions which disabled server certificate checking.
apache-airflow to version 1.10.1 or higher.
Do your applications use this vulnerable package?