{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/dagster/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","dagster","injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA SQL injection vulnerability has been identified in Dagster\u0026rsquo;s I/O managers for DuckDB, Snowflake, BigQuery, and DeltaLake. The vulnerability stems from the construction of SQL WHERE clauses where dynamic partition key values are interpolated into queries without proper escaping. This allows an attacker with the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission to inject arbitrary SQL code. The injected SQL would then execute against the target database backend using the I/O manager\u0026rsquo;s credentials. This issue affects Dagster OSS versions up to 1.13.0, and dagster-* package versions up to 0.29.0. This vulnerability is most relevant when the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission is granted independently of broader database access, such as in multi-tenant or custom RBAC configurations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains access to the Dagster API with the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission. This could be through compromised credentials or a misconfigured RBAC setup.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious dynamic partition key containing SQL injection payloads.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the Dagster API to create a new dynamic partition or modify an existing one, injecting the malicious key.\u003c/li\u003e\n\u003cli\u003eA Dagster pipeline or asset execution is triggered that utilizes the dynamic partitions functionality and the vulnerable I/O manager.\u003c/li\u003e\n\u003cli\u003eWhen the I/O manager constructs the SQL query, the malicious partition key is interpolated without proper escaping.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the target database (DuckDB, Snowflake, BigQuery, or DeltaLake) using the I/O manager\u0026rsquo;s credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker can read sensitive data, modify existing data, or potentially escalate privileges within the database.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, such as exfiltrating data or compromising the database\u0026rsquo;s integrity.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to unauthorized access and modification of data within the affected databases. The impact is particularly high in deployments where the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission is granted to users without broader database access. This vulnerability could allow attackers to bypass intended access controls and potentially gain full control of the database, leading to data breaches, data corruption, or denial of service. The number of affected deployments is currently unknown, but organizations using Dagster with dynamic partitions should assess their exposure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all \u003ccode\u003edagster-*\u003c/code\u003e packages (dagster-duckdb, dagster-snowflake, dagster-gcp, dagster-deltalake, dagster-snowflake-polars) to versions greater than 0.29.0 and \u003ccode\u003edagster\u003c/code\u003e package to versions greater than 1.13.0 as outlined in the advisory to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eReview user roles and permissions within Dagster, specifically focusing on who has the \u003ccode\u003eAdd Dynamic Partitions\u003c/code\u003e permission, and restrict access to only trusted users to reduce the attack surface.\u003c/li\u003e\n\u003cli\u003eMonitor Dagster logs for suspicious API requests related to the creation or modification of dynamic partitions to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement database auditing to track SQL queries executed by the I/O manager and identify potential SQL injection attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-18T01:07:59Z","date_published":"2026-04-18T01:07:59Z","id":"/briefs/2024-01-02-dagster-sqli/","summary":"A SQL injection vulnerability exists in Dagster's DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers, where a user with 'Add Dynamic Partitions' permission can inject arbitrary SQL due to improper escaping of dynamic partition key values, leading to unauthorized data access or modification.","title":"Dagster SQL Injection Vulnerability in Dynamic Partition Keys","url":"https://feed.craftedsignal.io/briefs/2024-01-02-dagster-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Dagster","version":"https://jsonfeed.org/version/1.1"}