3 matches found
EUVD-2025-6927
Malicious code in bioql PyPI...
CVE-2024-8055
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the PUT and COPY commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the exposed SQL queries...
CVE-2024-8055
Viena CVE-2024-8055 affects Vanna v0.6.3. It describes an SQL injection in Snowflake-based file staging (PUT/COPY) that can be triggered via a Python Flask API, enabling an unauthenticated remote actor to read arbitrary local files (e.g., /etc/passwd). Connected sources confirm the vulnerable com...