Vulnerability-Lookup

CVE-2025-50213 (GCVE-0-2025-50213)

Vulnerability from cvelistv5 – Published: 2025-06-24 07:06 – Updated: 2025-06-24 18:03

Title

Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator

Summary

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Assigner

apache

References

2 references

URL	Tags
https://github.com/apache/airflow/pull/51734	patch
https://lists.apache.org/thread/2kqfmyt2pghg5f679…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Airflow Providers Snowflake	Affected: 0 , < 6.4.0 (semver)

Credits

Nhien Pham (@nhienit) at Galaxy One

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-50213",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-24T13:46:28.362554Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-24T18:03:35.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "apache-airflow-providers-snowflake",
          "product": "Apache Airflow Providers Snowflake",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "6.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nhien Pham (@nhienit) at Galaxy One"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFailure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSanitation of table and stage parameters were added in\u003c/span\u003e\u0026nbsp;CopyFromExternalStageToSnowflakeOperator\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eto prevent\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;SQL injection\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.4.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\n\nThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\n\nSanitation of table and stage parameters were added in\u00a0CopyFromExternalStageToSnowflakeOperator\u00a0to prevent\u00a0SQL injection\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-75",
              "description": "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-24T07:06:53.128Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/airflow/pull/51734"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-50213",
    "datePublished": "2025-06-24T07:06:53.128Z",
    "dateReserved": "2025-06-14T15:37:44.797Z",
    "dateUpdated": "2025-06-24T18:03:35.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-50213",
      "date": "2026-05-30",
      "epss": "0.00488",
      "percentile": "0.65778"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-50213\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-06-24T08:15:24.253\",\"lastModified\":\"2025-07-11T18:36:05.753\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\\n\\nThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\\n\\nSanitation of table and stage parameters were added in\u00a0CopyFromExternalStageToSnowflakeOperator\u00a0to prevent\u00a0SQL injection\\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad por fallo en la depuraci\u00f3n de elementos especiales en un plano diferente (inyecci\u00f3n de elementos especiales) en Apache Airflow Providers Snowflake. Este problema afecta a Apache Airflow Providers Snowflake: versiones anteriores a la 6.4.0. Se a\u00f1adi\u00f3 la depuraci\u00f3n de los par\u00e1metros de tabla y etapa en CopyFromExternalStageToSnowflakeOperator para evitar la inyecci\u00f3n de SQL. Se recomienda a los usuarios actualizar a la versi\u00f3n 6.4.0, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-75\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apache-airflow-providers-snowflake:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.0\",\"matchCriteriaId\":\"FB551B24-0E93-4F5F-B201-B96E875D49B4\"}]}]}],\"references\":[{\"url\":\"https://github.com/apache/airflow/pull/51734\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-50213\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-24T13:46:28.362554Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-24T13:46:30.536Z\"}}], \"cna\": {\"title\": \"Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Nhien Pham (@nhienit) at Galaxy One\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Airflow Providers Snowflake\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.4.0\", \"versionType\": \"semver\"}], \"packageName\": \"apache-airflow-providers-snowflake\", \"collectionURL\": \"https://pypi.python.org\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/apache/airflow/pull/51734\", \"tags\": [\"patch\"]}, {\"url\": \"https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\\n\\nThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\\n\\nSanitation of table and stage parameters were added in\\u00a0CopyFromExternalStageToSnowflakeOperator\\u00a0to prevent\\u00a0SQL injection\\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eFailure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\u003c/p\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eSanitation of table and stage parameters were added in\u003c/span\u003e\u0026nbsp;CopyFromExternalStageToSnowflakeOperator\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eto prevent\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;SQL injection\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.4.0, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-75\", \"description\": \"CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-06-24T07:06:53.128Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-50213\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-24T18:03:35.296Z\", \"dateReserved\": \"2025-06-14T15:37:44.797Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-06-24T07:06:53.128Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2025-09076

Vulnerability from fstec - Published: 24.06.2025

Title

Уязвимость функции CopyFromExternalStageToSnowflakeOperator() пакета интеграции с облачной платформой данных Apache Airflow Providers Snowflake, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость функции CopyFromExternalStageToSnowflakeOperator() пакета интеграции с облачной платформой данных Apache Airflow Providers Snowflake связана с некорректной нейтрализацией специальных элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Apache Software Foundation

Software Name

Airflow Providers Snowflake

Software Version

до 6.4.0 (Airflow Providers Snowflake)

Possible Mitigations

Использование рекомендаций производителя: https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-50213 https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3

CWE

CWE-75

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Apache Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 6.4.0 (Airflow Providers Snowflake)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.07.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.07.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-09076",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-50213",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Airflow Providers Snowflake",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CopyFromExternalStageToSnowflakeOperator() \u043f\u0430\u043a\u0435\u0442\u0430 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 \u0441 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 Apache Airflow Providers Snowflake, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u0432 \u0434\u0440\u0443\u0433\u0443\u044e \u043f\u043b\u043e\u0441\u043a\u043e\u0441\u0442\u044c (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u043e\u0441\u043e\u0431\u043e\u0433\u043e \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430) (CWE-75)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CopyFromExternalStageToSnowflakeOperator() \u043f\u0430\u043a\u0435\u0442\u0430 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 \u0441 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 Apache Airflow Providers Snowflake \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2025-50213\nhttps://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-75",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2025-15615

Vulnerability from cnvd - Published: 2025-07-08

Title

Apache Airflow SQL注入漏洞

Description

Apache Airflow是美国阿帕奇（Apache）基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 6.4.0之前版本存在SQL注入漏洞，该漏洞源于未清理特殊元素，攻击者可利用该漏洞导致SQL注入。

Severity

高

Patch Name

Apache Airflow SQL注入漏洞的补丁

Patch Description

Apache Airflow是美国阿帕奇（Apache）基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 6.4.0之前版本存在SQL注入漏洞，该漏洞源于未清理特殊元素，攻击者可利用该漏洞导致SQL注入。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://airflow.apache.org/docs/apache-airflow/stable/start.html

Reference

https://github.com/apache/airflow/pull/51734

Impacted products

Name
Apache Airflow <6.4.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-50213",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-50213"
    }
  },
  "description": "Apache Airflow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u7a0b\u7684\u5f00\u6e90\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u53ef\u6269\u5c55\u548c\u52a8\u6001\u76d1\u63a7\u7b49\u7279\u70b9\u3002\n\nApache Airflow 6.4.0\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u6e05\u7406\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4SQL\u6ce8\u5165\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://airflow.apache.org/docs/apache-airflow/stable/start.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-15615",
  "openTime": "2025-07-08",
  "patchDescription": "Apache Airflow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u7a0b\u7684\u5f00\u6e90\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u53ef\u6269\u5c55\u548c\u52a8\u6001\u76d1\u63a7\u7b49\u7279\u70b9\u3002\r\n\r\nApache Airflow 6.4.0\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u6e05\u7406\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4SQL\u6ce8\u5165\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Airflow SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Airflow \u003c6.4.0"
  },
  "referenceLink": "https://github.com/apache/airflow/pull/51734",
  "serverity": "\u9ad8",
  "submitTime": "2025-06-27",
  "title": "Apache Airflow SQL\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2025-50213

Vulnerability from fkie_nvd - Published: 2025-06-24 08:15 - Updated: 2025-07-11 18:36

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@apache.org	https://github.com/apache/airflow/pull/51734	Issue Tracking, Patch
	security@apache.org	https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	apache-airflow-providers-snowflake	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:apache-airflow-providers-snowflake:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB551B24-0E93-4F5F-B201-B96E875D49B4",
              "versionEndExcluding": "6.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\n\nThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\n\nSanitation of table and stage parameters were added in\u00a0CopyFromExternalStageToSnowflakeOperator\u00a0to prevent\u00a0SQL injection\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad por fallo en la depuraci\u00f3n de elementos especiales en un plano diferente (inyecci\u00f3n de elementos especiales) en Apache Airflow Providers Snowflake. Este problema afecta a Apache Airflow Providers Snowflake: versiones anteriores a la 6.4.0. Se a\u00f1adi\u00f3 la depuraci\u00f3n de los par\u00e1metros de tabla y etapa en CopyFromExternalStageToSnowflakeOperator para evitar la inyecci\u00f3n de SQL. Se recomienda a los usuarios actualizar a la versi\u00f3n 6.4.0, que soluciona el problema."
    }
  ],
  "id": "CVE-2025-50213",
  "lastModified": "2025-07-11T18:36:05.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-24T08:15:24.253",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/apache/airflow/pull/51734"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-75"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GHSA-9R64-3WMC-X8M8

Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-27 21:15

Summary

Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator

Details

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.

This issue affects Apache Airflow Providers Snowflake: before 6.4.0.

Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow-providers-snowflake"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-50213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-75"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-27T21:15:56Z",
    "nvd_published_at": "2025-06-24T08:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\n\nThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\n\nSanitation of table and stage parameters were added in\u00a0CopyFromExternalStageToSnowflakeOperator\u00a0to prevent\u00a0SQL injection\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.",
  "id": "GHSA-9r64-3wmc-x8m8",
  "modified": "2025-06-27T21:15:56Z",
  "published": "2025-06-26T21:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50213"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/51734"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/51734/commits/bcf19916738e4a7065a3911814ba1fa32d6fd669"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-snowflake/PYSEC-2025-51.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator"
}

PYSEC-2025-51

Vulnerability from pysec - Published: 2025-06-24 08:15 - Updated: 2025-06-26 21:23

Details

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.

This issue affects Apache Airflow Providers Snowflake: before 6.4.0.

Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Impacted products

Name	purl
apache-airflow-providers-snowflake	pkg:pypi/apache-airflow-providers-snowflake

Aliases

CVE-2025-50213

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow-providers-snowflake",
        "purl": "pkg:pypi/apache-airflow-providers-snowflake"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.0",
        "1.0.0b1",
        "1.0.0b2",
        "1.0.0rc1",
        "1.1.0",
        "1.1.0rc1",
        "1.1.1",
        "1.1.1rc1",
        "1.1.1rc2",
        "1.2.0",
        "1.2.0rc1",
        "1.3.0",
        "1.3.0rc1",
        "2.0.0",
        "2.0.0rc1",
        "2.0.0rc2",
        "2.0.0rc3",
        "2.1.0",
        "2.1.0rc1",
        "2.1.0rc2",
        "2.1.1",
        "2.1.1rc1",
        "2.2.0",
        "2.2.0rc1",
        "2.3.0",
        "2.3.0rc1",
        "2.3.1",
        "2.3.1rc1",
        "2.4.0",
        "2.4.0rc1",
        "2.5.0",
        "2.5.0rc1",
        "2.5.0rc2",
        "2.5.1",
        "2.5.1rc1",
        "2.5.2",
        "2.5.2rc1",
        "2.6.0",
        "2.6.0rc1",
        "2.7.0",
        "2.7.0rc1",
        "3.0.0",
        "3.0.0rc1",
        "3.0.0rc2",
        "3.1.0",
        "3.1.0rc1",
        "3.2.0",
        "3.2.0rc1",
        "3.2.0rc2",
        "3.2.0rc3",
        "3.3.0",
        "3.3.0rc1",
        "4.0.0",
        "4.0.0rc1",
        "4.0.1",
        "4.0.1rc2",
        "4.0.1rc3",
        "4.0.2",
        "4.0.2rc1",
        "4.0.3",
        "4.0.3rc1",
        "4.0.4",
        "4.0.4rc1",
        "4.0.5",
        "4.0.5rc1",
        "4.1.0",
        "4.1.0rc1",
        "4.1.0rc2",
        "4.2.0",
        "4.2.0rc1",
        "4.3.0",
        "4.3.0rc2",
        "4.3.1",
        "4.3.1rc1",
        "4.4.0",
        "4.4.0rc1",
        "4.4.1",
        "4.4.1rc1",
        "4.4.2",
        "4.4.2rc1",
        "5.0.0",
        "5.0.0rc1",
        "5.0.1",
        "5.0.1rc1",
        "5.1.0",
        "5.1.0rc1",
        "5.1.1",
        "5.1.1rc1",
        "5.1.2",
        "5.1.2rc1",
        "5.2.0",
        "5.2.0rc1",
        "5.2.1",
        "5.2.1rc1",
        "5.3.0",
        "5.3.0rc1",
        "5.3.0rc2",
        "5.3.1",
        "5.3.1rc1",
        "5.4.0",
        "5.4.0rc1",
        "5.5.0",
        "5.5.0rc1",
        "5.5.1",
        "5.5.1rc1",
        "5.5.2",
        "5.5.2rc1",
        "5.6.0",
        "5.6.0rc1",
        "5.6.1",
        "5.6.1rc1",
        "5.7.0",
        "5.7.0rc1",
        "5.7.1",
        "5.7.1rc1",
        "5.8.0",
        "5.8.0rc1",
        "5.8.1",
        "5.8.1rc1",
        "6.0.0",
        "6.0.0rc1",
        "6.0.0rc2",
        "6.1.0",
        "6.1.0rc1",
        "6.1.1",
        "6.1.1rc1",
        "6.2.0",
        "6.2.0rc1",
        "6.2.1",
        "6.2.1rc1",
        "6.2.2",
        "6.2.2rc1",
        "6.3.0",
        "6.3.0rc1",
        "6.3.0rc2",
        "6.3.1",
        "6.3.1rc1",
        "6.4.0rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-50213"
  ],
  "details": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\n\nThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\n\nSanitation of table and stage parameters were added in\u00a0CopyFromExternalStageToSnowflakeOperator\u00a0to prevent\u00a0SQL injection\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.",
  "id": "PYSEC-2025-51",
  "modified": "2025-06-26T21:23:03.132527+00:00",
  "published": "2025-06-24T08:15:24+00:00",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/51734"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-50213 (GCVE-0-2025-50213)

BDU:2025-09076

CNVD-2025-15615

FKIE_CVE-2025-50213

GHSA-9R64-3WMC-X8M8

PYSEC-2025-51

Tags

Sightings

Nomenclature