[Snyk:High] net.snowflake:snowflake-jdbc Arbitrary Code Execution (due by 05/31/2023) #5418

Closed
pkfec opened this issue Apr 19, 2023 · 2 comments
Labels
Security: high Remediate within 30 days

@pkfec
Contributor

pkfec commented Apr 19, 2023

Overview
Affected versions of this package are vulnerable to Arbitrary Code Execution via SSO URL authentication.

https://app.snyk.io/org/fecgov/project/e6c155e9-f0ac-4a49-98fa-83c24f5b74b3#issue-SNYK-JAVA-NETSNOWFLAKE-5425048

Detailed paths
Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@9.16.3 › net.snowflake:snowflake-jdbc@3.13.22

Introduced through
org.flywaydb:flyway-commandline@9.16.3

Fixed in
net.snowflake:snowflake-jdbc@3.13.29

Completion criteria

  • upgrade flyway to the latest version
@pkfec pkfec added the Security: high Remediate within 30 days label Apr 19, 2023
@pkfec pkfec added this to the Sprint 21.4 milestone Apr 19, 2023
@pkfec pkfec mentioned this issue Apr 19, 2023
@tmpayton tmpayton self-assigned this Apr 24, 2023
@pkfec pkfec mentioned this issue Apr 27, 2023
@pkfec
Contributor Author

pkfec commented May 1, 2023

@tmpayton Flyway 9.17.0 is now available

@JonellaCulmer
Contributor

PR has been merged, so this ticket can be closed.
