HIGH🇬🇧 English

CVE-2025-24793

CVSS 7.0v3.1pub. 2025-01-29upd. 2025-08-25

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Snowflake Connector

    APP
    Snowflake
    2.2.5 – 3.13.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2023-34230HIGH7.3ten sam produkt

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version...

CVE-2023-34232HIGH7.3ten sam produkt

snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign ...

CVE-2023-34233HIGH8.8ten sam produkt

The Snowflake Connector for Python provides an interface for developing Python applications that can connect t...

CVE-2025-24788MEDIUM5.0ten sam produkt

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerabili...

CVE-2025-24791MEDIUM4.4ten sam produkt

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerabili...