5 matches found
CVE-2025-46328
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided...
CVE-2025-46328
creationtimestamp| type| source ---|---|--- 2025-04-28 23:10:54+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13750 2025-04-28 23:45:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5vjscz2s 2025-04-29 02:36:58+00:00| seen|...
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided...
CVE-2025-46328
CVE-2025-46328 affects the Snowflake Node.js driver. Versions 1.10.0 up to (but not including) 2.0.4 are vulnerable to a TOCTOU race in the Linux/macOS Easy Logging configuration check: the driver validates that the logging config file is writable only by the owner, but the check can be bypassed,...
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided...