10 matches found
EUVD-2023-1792
Malicious code in bioql PyPI...
CVE-2023-34231
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2025-46327
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...
CVE-2025-46327
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...
CVE-2025-46327
CVE-2025-46327 affects gosnowflake (Snowflake Go driver) versions 1.7.0 up to 1.13.3 (exclusive). The issue is a TOCTOU race in the Easy Logging feature: on Linux/macOS the driver reads logging config from a user-provided file and verifies write access only by the file owner, but the check can ra...
CVE-2023-34231
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2023-34231 Snowflake Golang Driver vulnerable to Command Injection
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2023-34231 Snowflake Golang Driver vulnerable to Command Injection
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2023-34231
CVE-2023-34231 affects the Snowflake Go driver (gosnowflake) prior to version 1.6.19. The vulnerability is a command-injection flaw in the SSO browser URL authentication flow, allowing a remote attacker to execute commands on the user’s machine if the attacker first hosts a malicious resource and...
CVE-2023-34231 Snowflake Golang Driver vulnerable to Command Injection
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...