13 matches found
CVE-2024-49750
Summary (CVE-2024-49750): The Snowflake Connector for Python is affected by exposure of sensitive data in logs prior to version 3.12.3. Under DEBUG logging, credentials such as Duo passcodes and Azure SAS tokens could be logged, and the SecretDetector formatter could fail to fully redact JWTs and...
CVE-2025-24793
Technical details about CVE-2025-24793 are not provided in the connected documents. The initial entry notes a SQL injection in Snowflake Connector for Python versions 2.2.5–3.13.0, fixed in 3.13.1, but no further technical specifics are available here. Monitor for updates.
CVE-2025-24795
The Snowflake Connector for Python (Linux) has a vulnerability in temporary credential caching: when enabled, credentials are cached in a world-readable file. Affected versions are 2.3.7 through 3.13.0; upgrade to 3.13.1 to fix. (Exploits not described in the provided documents; CVSS details indi...
CVE-2025-24794
Technical details such as affected products, versions, root cause, impact and fixes for CVE-2025-24794 are not provided in the connected documents. Please monitor for updates from relevant advisories to obtain concrete vulnerability data and remediation guidance.
CVE-2023-34233
CVE-2023-34233 affects the Snowflake Connector for Python. Versions before 3.0.2 are vulnerable to a command injection via SSO browser URL authentication. Exploitation requires an attacker to host a malicious resource and lure a user to visit a crafted SSO URL, which could execute remote code on ...
CVE-2022-42965
CVE-2022-42965 affects the Python Snowflake connector (snowflake-connector-python). The vulnerability is an exponential ReDoS in the undocumented get_file_transfer_type method, allowing a network attacker to trigger a denial of service by supplying crafted input. Underlying cause: a vulnerable re...
CVE-2025-46326
Snowflake Connector for .NET has a TOCTOU race in the Linux/macOS Easy Logging config file check. Versions 2.1.2 through before 4.4.1 are vulnerable: a local attacker with write access to the logging config file or its directory could overwrite configuration, gaining control over logging level an...
CVE-2025-46328
CVE-2025-46328 affects the Snowflake Node.js driver. Versions 1.10.0 up to (but not including) 2.0.4 are vulnerable to a TOCTOU race in the Linux/macOS Easy Logging configuration check: the driver validates that the logging config file is writable only by the owner, but the check can be bypassed,...
CVE-2025-24791
CVE-2025-24791 affects snowflake-connector-nodejs (Snowflake NodeJS Driver) on Linux. The vulnerability allows bypassing file permissions checks for the temporary credential cache, exploitable by an attacker with write access to the local cache directory. Affected versions are 1.12.0 through 2.0....
CVE-2025-24788
CVE-2025-24788 affects the Snowflake Connector for .NET. The vulnerability arises when downloading files from stages: temporary files are written to the OS temporary directory with world-readable permissions, enabling access by other users on the same machine. Affected versions are 2.0.12 through...
CVE-2023-34230
CVE-2023-34230 affects the Snowflake Connector for .NET (snowflake-connector-net) prior to version 2.0.18. The underlying issue is a command injection vulnerability via SSO URL authentication. An attacker would need to: (1) establish a malicious resource and (2) persuade a user to use a crafted c...
CVE-2023-34232
Snowflake NodeJS driver (snowflake-connector-nodejs) is vulnerable to command injection via Single Sign-On (SSO) browser URL authentication in versions before 1.6.21. The attack requires the attacker to host a malicious resource and Trick a user into visiting a crafted connection URL; if successf...
CVE-2023-51662
The CVE-2023-51662 issue affects Snowflake Connector .NET (Snowflake .NET driver) where Certificate Revocation List (CRL) checks were not performed when insecureMode is false (default). Affected versions are 2.0.25 through 2.1.4 (inclusive); remediation is to upgrade to 2.1.5. Multiple sources (N...