2 matches found
Time-of-check Time-of-use (TOCTOU) Race Condition
github.com/snowflakedb/gosnowflake is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. The vulnerability is due to insufficient file ownership validation in checking and using the logging configuration file; this allows local attackers with write access to the file or its...
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided...