Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.
History

Tue, 24 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Jun 2025 07:30:00 +0000

Type Values Removed Values Added
Description Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.
Title Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator
Weaknesses CWE-75
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2025-06-24T07:06:53.128Z

Updated: 2025-06-24T18:03:35.296Z

Reserved: 2025-06-14T15:37:44.797Z

Link: CVE-2025-50213

cve-icon Vulnrichment

Updated: 2025-06-24T13:46:30.536Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-24T08:15:24.253

Modified: 2025-06-26T18:58:14.280

Link: CVE-2025-50213

cve-icon Redhat

No data.