GHSA-9r64-3wmc-x8m8

Published: 26 Jun 2025
Source: github
GitHub: Reviewed
CVSS3: 9.8

Description

Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.

This issue affects Apache Airflow Providers Snowflake: before 6.4.0.

Sanitization of the table and stage parameters was added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection. Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Packages

Name: apache-airflow-providers-snowflake (pip)
Affected versions: < 6.4.0
Fixed version: 6.4.0

EPSS

Percentile: 25%
0.00084
Low

9.8 Critical

CVSS3

Weaknesses

CWE-75

Related vulnerabilities

CVSS3: 9.8
nvd
about 2 months ago

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitization of the table and stage parameters was added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection. Users are recommended to upgrade to version 6.4.0, which fixes the issue.

CVSS3: 9.8
fstec
about 2 months ago

Vulnerability in the CopyFromExternalStageToSnowflakeOperator() function of the Apache Airflow Providers Snowflake package for integration with the cloud data platform, allowing an attacker to execute arbitrary code
