
5 matches found

CVE
added 2025/04/28 10:33 p.m. · 69 views

CVE-2025-46328

CVE-2025-46328 affects the Snowflake Node.js driver. Versions 1.10.0 up to (but not including) 2.0.4 are vulnerable to a TOCTOU race in the Linux/macOS Easy Logging configuration check: the driver validates that the logging config file is writable only by the owner, but the check can be bypassed,...

7 CVSS · 3.9 AI score · 0.00014 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/04/28 12:0 a.m. · 1 views

PT-2025-18122 · Snowflake · Snowflake-Connector-Nodejs

Name of the Vulnerable Software and Affected Versions: snowflake-connector-nodejs versions 1.10.0 through 2.0.4

Description: The issue concerns a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the driver reads logging configuration from...

7 CVSS · 6.1 AI score · 0.00014 EPSS
Exploits 0 · References 12
Veracode
added 2025/02/03 6:27 a.m. · 5 views

Improper Access Control

snowflake-connector-nodejs is vulnerable to Improper Access Control. The vulnerability is due to insufficient file permission checks, which allow an attacker with write access to the local cache directory to bypass temporary credential cache restrictions...

5.5 CVSS · 6.5 AI score · 0.00022 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2025/01/29 4:59 p.m. · 7 views

CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...

4.4 CVSS · 4.6 AI score · 0.00022 EPSS
Exploits 0 · References 2
CVE
added 2023/06/08 8:17 p.m. · 49 views

CVE-2023-34232

Snowflake NodeJS driver (snowflake-connector-nodejs) is vulnerable to command injection via Single Sign-On (SSO) browser URL authentication in versions before 1.6.21. The attack requires the attacker to host a malicious resource and trick a user into visiting a crafted connection URL; if successf...

8.8 CVSS · 8.3 AI score · 0.00554 EPSS
Exploits 0 · References 4 · Affected Software 1