3 matches found
CVE-2023-34232
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on SSO browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicio...
Security Bulletin: IBM App Connect Enterprise Certified Container operands that use the Snowflake connector are vulnerable to arbitrary code execution due to [CVE-2023-34232]
Summary Node.js module snowflake is used by IBM App Connect Enterprise Certified Container for connecting to Snowflake. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Snowflake connector are vulnerable to arbitrary code execution. Thi...
CVE-2023-34232
Snowflake NodeJS driver (snowflake-connector-nodejs) is vulnerable to command injection via Single Sign-On (SSO) browser URL authentication in versions before 1.6.21. The attack requires the attacker to host a malicious resource and Trick a user into visiting a crafted connection URL; if successf...