{"id":"PYSEC-2025-26","details":"The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.","aliases":["CVE-2025-24793","GHSA-2vpq-fh52-j3wv"],"modified":"2025-04-09T17:59:21.846062Z","published":"2025-01-29T21:15:21Z","references":[{"type":"ADVISORY","url":"https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-2vpq-fh52-j3wv"},{"type":"FIX","url":"https://github.com/snowflakedb/snowflake-connector-python/commit/f3f9b666518d29c31a49384bbaa9a65889e72056"}],"affected":[{"package":{"name":"snowflake-connector-python","ecosystem":"PyPI","purl":"pkg:pypi/snowflake-connector-python"},"ranges":[{"type":"GIT","repo":"https://github.com/snowflakedb/snowflake-connector-python","events":[{"introduced":"0"},{"fixed":"f3f9b666518d29c31a49384bbaa9a65889e72056"}]},{"type":"ECOSYSTEM","events":[{"introduced":"2.2.5"},{"fixed":"3.13.1"}]}],"versions":["2.2.10","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.3.0","2.3.1","2.3.10","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.3.8","2.3.9","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.4.5","2.4.6","2.5.0","2.5.1","2.6.0","2.6.1","2.6.2","2.7.0","2.7.1","2.7.10","2.7.11","2.7.12","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","2.8.0","2.8.1","2.8.2","2.8.3","2.9.0","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0","3.1.0a1","3.1.0a2","3.1.1","3.10.0","3.10.1","3.11.0","3.12.0","3.12.1","3.12.2","3.12.3","3.12.4","3.13.0","3.2.0","3.2.1","3.3.0","3.3.0b1","3.3.1","3.4.0","3.4.1","3.5.0","3.6.0","3.7.0","3.7.1","3.8.0","3.8.1","3.9.0","3.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/snowflake-connector-python/PYSEC-2025-26.yaml"}}],"schema_version":"1.7.3"}