PYSEC-2025-26

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/snowflake-connector-python/PYSEC-2025-26.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-26
Aliases
Published
2025-01-29T21:15:21Z
Modified
2025-04-09T17:59:21.846062Z
Summary
[none]
Details

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

References

Affected packages

PyPI / snowflake-connector-python

Package

Name
snowflake-connector-python
Purl
pkg:pypi/snowflake-connector-python

Affected ranges

Type
GIT
Repo
https://github.com/snowflakedb/snowflake-connector-python
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Fixed
Type
ECOSYSTEM
Events
Introduced
2.2.5
Fixed
3.13.1

Affected versions

2.*

2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.3.10
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.5.0
2.5.1
2.6.0
2.6.1
2.6.2
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
2.7.11
2.7.12
2.8.0
2.8.1
2.8.2
2.8.3
2.9.0

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0a1
3.1.0a2
3.1.0
3.1.1
3.2.0
3.2.1
3.3.0b1
3.3.0
3.3.1
3.4.0
3.4.1
3.5.0
3.6.0
3.7.0
3.7.1
3.8.0
3.8.1
3.9.0
3.9.1
3.10.0
3.10.1
3.11.0
3.12.0
3.12.1
3.12.2
3.12.3
3.12.4
3.13.0