Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

CVE-2025-50213

High

9.8/10

Summary

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects apache-airflow-providers-snowflake package versions 3.3.0rc1 through 6.3.1. Sanitation of `table` and `stage` parameters were added in `CopyFromExternalStageToSnowflakeOperatorto` to prevent SQL injection. Users are recommended to upgrade to version 6.4.0rc1, which fixes the issue.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

The software does not adequately filter user-controlled input for special elements with control implications.

References

Advisory
Release Note
Mail Thread
Pull request

Advisory Timeline

Published Jun 24, 2025

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

CVE-2025-50213

Summary

CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS