CVE-2024-8055 Information

Description

Vanna v0.6.3 is vulnerable to SQL injection when used with a Snowflake database, through file staging operations that use the PUT and COPY commands. The vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the SQL queries exposed through a Python Flask API.

Reference

https://huntr.com/bounties/7c92a611-6756-4885-8969-01d8b85b6c63
