CVE-2025-50213
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.
This issue affects Apache Airflow Providers Snowflake: before 6.4.0.
Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.
| Software | From | Fixed in |
|---|---|---|
apache-airflow-providers-snowflake
|
- | 6.4.0 |
| apache / apache-airflow-providers-snowflake | - | 6.4.0 |
- https://github.com/apache/airflow
- https://github.com/apache/airflow/pull/51734
- https://github.com/apache/airflow/pull/51734/commits/bcf19916738e4a7065a3911814ba1fa32d6fd669
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-snowflake/PYSEC-2025-51.yaml
- https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime