Security Advisory

CVE-2024-8055

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:20

Last updated 2025-10-15 12:50:38

Assigner @huntr_ai

State PUBLISHED

Description

Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the `PUT` and `COPY` commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as `/etc/passwd`, by exploiting the exposed SQL queries through a Python Flask API.

← Browse all CVEs View on cve.org ↗