14 matches found
EUVD-2023-1792
Malicious code in bioql PyPI...
CVE-2023-34231
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2022-45786
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...
CVE-2025-46327
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...
CVE-2025-46327
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...
CVE-2025-46327
CVE-2025-46327 affects gosnowflake (Snowflake Go driver) versions 1.7.0 up to 1.13.3 (exclusive). The issue is a TOCTOU race in the Easy Logging feature: on Linux/macOS the driver reads logging config from a user-provided file and verifies write access only by the file owner, but the check can ra...
CVE-2023-34231
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2023-34231
CVE-2023-34231 affects the Snowflake Go driver (gosnowflake) prior to version 1.6.19. The vulnerability is a command-injection flaw in the SSO browser URL authentication flow, allowing a remote attacker to execute commands on the user’s machine if the attacker first hosts a malicious resource and...
CVE-2023-34231 Snowflake Golang Driver vulnerable to Command Injection
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2023-34231 Snowflake Golang Driver vulnerable to Command Injection
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2023-34231 Snowflake Golang Driver vulnerable to Command Injection
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
GHSA-6P5Q-H963-PWWF Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...
CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...
CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...