logo

Database

Asymmetric denial of service - ReDoS In snowflake-connector-python

Description

snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS) An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-429652. NVD-2022-429653. OSV-2022-429654. GCVE-2022-42965

References

1. https://github.com/snowflakedb/snowflake-connector-python/pull/13272. https://github.com/snowflakedb/snowflake-connector-python/commit/b9d2fc789fae4db865dde3d2a1bd72c8a9eab0913. https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v2.8.24. https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.