34 matches found
EUVD-2023-1792
Malicious code in bioql PyPI...
EUVD-2023-0241
Malicious code in bioql PyPI...
CVE-2023-34230
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...
CVE-2023-34232
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on SSO browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicio...
CVE-2023-34231
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...
CVE-2019-15041
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere...
EAP: wildfly-elytron has a SSRF security issue
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...
Snowflake Golang Driver vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake Impacted version range: before Version 1.6.19 Attack Scenario In order to exploit the potential for...
Snowflake Python Connector vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Python connector via SSO browser URL authentication. Impacted driver package: snowflake-connector-python Impacted version range: before Version 3.0.2 Attack Scenario In order to exploit t...
Snowflake Connector .Net Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication. Impacted driver package: snowflake-connector-net Impacted version range: before Version 2.0.18 Attack Scenario In order to exploit the potential fo...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecting use...
CVE-2023-34230
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...
CVE-2023-34233
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...
CVE-2023-34230 Snowflake Connector vulnerable to Command Injection
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...
CVE-2023-34230 Snowflake Connector vulnerable to Command Injection
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...
CVE-2023-34230
CVE-2023-34230 affects the Snowflake Connector for .NET (snowflake-connector-net) prior to version 2.0.18. The underlying issue is a command injection vulnerability via SSO URL authentication. An attacker would need to: (1) establish a malicious resource and (2) persuade a user to use a crafted c...
CVE-2023-34230 Snowflake Connector vulnerable to Command Injection
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...
CVE-2023-34233 Snowflake Python Connector vulnerable to Command Injection
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...
CVE-2023-34233
CVE-2023-34233 affects the Snowflake Connector for Python. Versions before 3.0.2 are vulnerable to a command injection via SSO browser URL authentication. Exploitation requires an attacker to host a malicious resource and lure a user to visit a crafted SSO URL, which could execute remote code on ...
CVE-2023-34233 Snowflake Python Connector vulnerable to Command Injection
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...