snowflake-connector-python@3.13.0 vulnerabilities

Snowflake Connector for Python

  • latest version: 3.13.2
  • first published: 7 years ago
  • latest version published: 24 days ago

  • Direct Vulnerabilities

    Known vulnerabilities in the snowflake-connector-python package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability (severity) and vulnerable version range
    • M (medium severity): Incorrect Default Permissions

    snowflake-connector-python is a Snowflake Connector for Python

    Affected versions of this package are vulnerable to Incorrect Default Permissions when the EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication method is used with temporary credential caching enabled: the temporary credentials are cached in a local file that is created with incorrect default permissions, exposing them to an attacker on the same host.

    Note: This is only exploitable for Linux systems.

    How to fix Incorrect Default Permissions?

    Upgrade snowflake-connector-python to version 3.13.1 or higher.

    Vulnerable versions: [2.3.7,3.13.1)
    • H (high severity): SQL Injection

    Affected versions of this package are vulnerable to SQL Injection in the write_pandas function, due to missing sanitization.

    Note: Only a limited set of query types are not properly parameterized, and any SQL executed by the attacker will run in the context of the current session only.

    How to fix SQL Injection?

    Upgrade snowflake-connector-python to version 3.13.1 or higher.

    Vulnerable versions: [2.2.5,3.13.1)
    • H (high severity): Deserialization of Untrusted Data

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data: the OCSP response cache uses pickle as its serialization format and is saved locally on the machine running the Connector, and serialization exceptions are handled insecurely (not all exceptions are supported).

    How to fix Deserialization of Untrusted Data?

    Upgrade snowflake-connector-python to version 3.13.1 or higher.

    Vulnerable versions: [2.7.12,3.13.1)
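A small checker, added here as an example (not Snyk's or the Snowflake project's code), that parses the Snyk version ranges listed above and reports which of the three advisories apply to a given installed version. It assumes plain dotted-integer version strings such as "3.13.0".

```python
"""Report which of the advisories listed above apply to a given
snowflake-connector-python version. Added example, not Snyk's or the
project's code. The ranges are the ones shown on this page; version
strings are assumed to be plain dotted integers (e.g. "3.13.0")."""

# (advisory, severity, Snyk range) exactly as listed on the page
ADVISORIES = [
    ("Incorrect Default Permissions", "M", "[2.3.7,3.13.1)"),
    ("SQL Injection", "H", "[2.2.5,3.13.1)"),
    ("Deserialization of Untrusted Data", "H", "[2.7.12,3.13.1)"),
]


def parse_version(text):
    """'3.13.0' -> (3, 13, 0); tuples compare numerically, so 3.9 < 3.13."""
    return tuple(int(part) for part in text.strip().split("."))


def in_range(version, spec):
    """True if `version` lies in a Snyk-style interval such as '[2.3.7,3.13.1)'.
    '[' and ']' are inclusive bounds, '(' and ')' exclusive; an empty bound is open."""
    lo_incl, hi_incl = spec[0] == "[", spec[-1] == "]"
    lo_txt, hi_txt = spec[1:-1].split(",")
    v = parse_version(version)
    if lo_txt:
        lo = parse_version(lo_txt)
        if v < lo or (v == lo and not lo_incl):
            return False
    if hi_txt:
        hi = parse_version(hi_txt)
        if v > hi or (v == hi and not hi_incl):
            return False
    return True


def affecting(version):
    """Names of the advisories whose vulnerable range contains `version`."""
    return [name for name, _sev, spec in ADVISORIES if in_range(version, spec)]


if __name__ == "__main__":
    # 3.13.0 is the version this page is about; 3.13.1 is the first fixed release.
    for v in ("2.3.0", "3.13.0", "3.13.1"):
        print(v, "->", affecting(v) or "not affected by the listed advisories")
```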