snowflake-connector-python is vulnerable to regular expression denial of service (ReDoS). The vulnerability is in the get_file_transfer_type function in cursor.py, which does not properly validate SQL queries, allowing an attacker to crash the application by providing malicious input.
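One way to avoid backtracking when classifying a statement is to scan its prefix in a single pass instead of matching it with a regular expression. The sketch below is an added example, not the project's code or its fix; it assumes the function's job is to recognise PUT and GET file-transfer statements that may be preceded by block comments, and the names skip_leading_comments, classify_transfer and MAX_PREFIX_SCAN are hypothetical.

```python
from typing import Optional

# Assumed cap on how much leading text is examined (hypothetical value).
MAX_PREFIX_SCAN = 1_000_000


def skip_leading_comments(sql: str) -> int:
    """Return the index of the first character after leading whitespace
    and /* ... */ block comments. The scan only moves forward, so the
    cost is linear in the input length and nothing is retried."""
    i, n = 0, min(len(sql), MAX_PREFIX_SCAN)
    while i < n:
        if sql[i].isspace():
            i += 1
        elif sql.startswith("/*", i):
            end = sql.find("*/", i + 2)
            if end == -1:  # unterminated comment: no statement follows
                return len(sql)
            i = end + 2
        else:
            break
    return i


def classify_transfer(sql: str) -> Optional[str]:
    """Return "PUT" or "GET" when the statement starts with that keyword
    followed by whitespace, otherwise None."""
    start = skip_leading_comments(sql)
    head = sql[start:start + 4].upper()
    for keyword in ("PUT", "GET"):
        if len(head) == 4 and head.startswith(keyword) and head[3].isspace():
            return keyword
    return None


if __name__ == "__main__":
    # Constructed sample statements, not taken from the advisory.
    for stmt in ("/* load */ put file:///tmp/a.csv @stage", "select 1"):
        print(repr(stmt), "->", classify_transfer(stmt))
```

Malformed prefixes, such as an unterminated comment, fall through to None rather than being retried against alternative match positions.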
github.com/snowflakedb/snowflake-connector-python/blob/32b459e7807413296dd431c508186ef45c17ce11/src/snowflake/connector/cursor.py#L199
github.com/snowflakedb/snowflake-connector-python/commit/b9d2fc789fae4db865dde3d2a1bd72c8a9eab091
research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185/