CVE-2024-8055
Viena CVE-2024-8055 affects Vanna v0.6.3. It describes an SQL injection in Snowflake-based file staging (PUT/COPY) that can be triggered via a Python Flask API, enabling an unauthenticated remote actor to read arbitrary local files (e.g., /etc/passwd). Connected sources confirm the vulnerable com...