awswrangler is vulnerable to Improper Input Validation
50
Medium Risk
Affected versions of this package has a weakness in when creating Athena Iceberg tables via wr.athena.to_iceberg(). User-supplied columns_comments values and additional_table_properties keys/values are interpolated into the generated CREATE TABLE DDL without escaping single quotes. A value containing ' can terminate the surrounding string literal and append arbitrary DDL clauses such as LOCATION or TBLPROPERTIES, altering the structure of the query sent to Athena.
You are affected if you are using a version within the vulnerable range and call wr.athena.to_iceberg() with user-controlled or otherwise untrusted values in columns_comments or additional_table_properties.
awswrangler is vulnerable to Improper Input Validation in versions 3.2.0 - 3.16.1.
Upgrade the awswrangler library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant