Snowflake Connector for Python has an SQL Injection in write_pandas

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Snowflake Connector for Python SQL注入漏洞

Snowflake Connector for Python是Snowflake Computing开源的一个接口。用于开发可以连接到 Snowflake 并执行所有标准操作的 Python 应用程序。 Snowflake Connector for Python 3.13.1之前版本存在SQL注入漏洞，该漏洞源于容易受到SQL注入攻击。

N/A

N/A