[FP]: snowflake-connector-python@3.17.4 not vulnerable to CVE-2025-46326

[nerdinand]

Package URl

pkg:pypi/snowflake-connector-python@3.17.4

CPE

cpe:2.3:a:snowflake:snowflake_connector::::::.net::*

CVE

CVE-2025-46326

ODC Integration

None

ODC Version

12.1.5

Description

No response

[chadlwilson]

Unfortunately I don't think we can add suppressions for these as it would suppress all vulnerabilities for the snowflake connector, including legit python ones since the suppression format does not allow specifying the language.

The root of the issue is that ODC is not able to map/understand the language discriminator in the CPE which is why this FP appears in the first place.

https://nvd.nist.gov/vuln/detail/cve-2025-46326

So it is similar to many others such as #5992

For now you'll have to maintain your own CVE-by-CVE suppressions.

[marcelstoer]

similar to many others such as #5992

@chadlwilson Wouldn't it be more effective to create a generic enhancement issue, link those "many others" to it and close them (rather than keep each of them open)?

[chadlwilson]

Yeah, I agree. There was a generic one at #6030 but Jeremy closed it (intentionally or not).

I've kinda just been following along what patterns I've observed among Jeremy and Hans so far when triaging.