{"schema_version": "1.6.1", "id": "CVE-2025-50213", "summary": "Potential SQL injection in CopyFromExternalStageToSnowflakeOperator", "details": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake.\n\nThis issue affects Apache Airflow Providers Snowflake: before 6.4.0.\n\nSanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "6.4.0"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/airflow/pull/51734"}, {"type": "WEB", "url": "https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3"}]}