9 matches found
CVE-2023-30535
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to...
Security Bulletin: IBM Security Guardium is affected by a snowflake-jdbc-3.13.8.jar vulnerability (CVE-2023-30535)
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2023-30535 DESCRIPTION: Snowflake Computing Snowflake JDBC could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the SSO URL...
Oracle GoldenGate for Big Data RCE (October 2023 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is 21.3 = 21.10. It is, therefore, affected by a remote code execution vulnerability: - Vulnerability in the GoldenGate Big Data product of Oracle GoldenGate component:...
CVE-2023-30535
creationtimestamp| type| source ---|---|--- 2023-04-15 00:26:27+00:00| seen| https://t.me/cibsecurity/62201 2023-04-27 19:58:34+00:00| seen| https://t.me/truesecator/4331...
CVE-2023-30535
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to...
CVE-2023-30535 Snowflake JDBC vulnerable to command injection via SSO URL authentication
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to...
CVE-2023-30535
CVE-2023-30535 affects Snowflake JDBC (type 4 driver). The issue is a command injection via the SSO URL authentication payload. It was patched in Snowflake JDBC driver version 3.13.29; all users should upgrade to 3.13.29 or later. Related IBM/Oracle advisories note the CVE in the context of Oracl...
CVE-2023-30535 Snowflake JDBC vulnerable to command injection via SSO URL authentication
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to...
com.damavis:damavis-spark-snowflake_2.12 (>=0.3.0 <=0.4.4), com.linkedin.feathr:feathr_2.12 (>=0.1.0 <=1.0.5-rc5) +49 more potentially affected by CVE-2023-30535 via net.snowflake:snowflake-jdbc (>=3.0.0 <=3.13.28)
net.snowflake:snowflake-jdbc MAVEN version =3.0.0, =0.3.0, =0.1.0, =1.2.0.0-rc2, =0.9.0, =0.9.0, =0.10.1, =1.0.0, =1.0.0, =3.0.0.Final, =3.0.0.Final, =3.1.3.Final and more Source cves: CVE-2023-30535 Source advisory: OSV:GHSA-4G3J-C4WG-6J7X...