2 matches found
GHSA-JQHC-M2J3-FJRX SQLFluff users with access to config file, using `libary_path` may call arbitrary python code
Impact In environments where untrusted users have access to the config files e.g. .sqlfluff, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a sandboxed...
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code
Impact In environments where untrusted users have access to the config files e.g. .sqlfluff, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a sandboxed...