High severity · NVD Advisory · Published Jan 29, 2025 · Updated Jan 31, 2025

Snowflake Connector for Python has an SQL Injection in write_pandas

CVE-2025-24793

Description

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| snowflake-connector-python (PyPI) | >= 2.2.5, < 3.13.1 | 3.13.1 |
