PYSEC-2025-27

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/snowflake-connector-python/PYSEC-2025-27.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2025-27

Aliases

Published

2025-01-29T21:15:21Z

Modified

2025-04-09T17:41:59.248352Z

Summary

[none]

Details

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

References

Affected packages

PyPI / snowflake-connector-python

Package

Name: snowflake-connector-python; View open source insights on deps.dev
Purl: pkg:pypi/snowflake-connector-python

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-python
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3769b43822357c3874c40f5e74068458c2dc79af

Type: ECOSYSTEM
Events: Introduced

2.7.12

Fixed

3.13.1

Affected versions

2.*

2.7.12

2.8.0

2.8.1

2.8.2

2.8.3

2.9.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.1.0a1

3.1.0a2

3.1.0

3.1.1

3.2.0

3.2.1

3.3.0b1

3.3.0

3.3.1

3.4.0

3.4.1

3.5.0

3.6.0

3.7.0

3.7.1

3.8.0

3.8.1

3.9.0

3.9.1

3.10.0

3.10.1

3.11.0

3.12.0

3.12.1

3.12.2

3.12.3

3.12.4

3.13.0