6 matches found
CVE-2025-24790
CVE-2025-24790 affects Snowflake JDBC driver (type 4) used by Java apps. On Linux, when temporary credential caching is enabled, credentials may be cached locally in a world-readable file. Affected versions: 3.6.8 through 3.21.0. The issue has been fixed in version 3.22.0. Remediation: upgrade Sn...
CVE-2025-24789
CVE-2025-24789 — Snowflake JDBC Driver privilege escalation (Windows) Affected product: Snowflake JDBC Type 4 driver used by Java apps; Windows EXTERNALBROWSER authentication method on Windows with write access to a PATH directory can escalate privileges to the running user. Affected versions: 3....
CVE-2024-43382
CVE-2024-43382 affects Snowflake JDBC driver bug where versions 3.2.6–3.19.1 have an incorrect security setting that can allow data to be uploaded to an encrypted stage without the extra protection of client-side encryption. The root cause is an insufficient security configuration, potentially ex...
CVE-2025-27496
Summary: CVE-2025-27496 affects Snowflake JDBC Driver versions 3.0.13–3.23.0. When logging level is DEBUG, the driver locally logs the client-side encryption master key of the target stage during GET/PUT, exposing a sensitive key through logs. The issue is not logged server-side and does not by i...
CVE-2023-30535
CVE-2023-30535 affects Snowflake JDBC (type 4 driver). The issue is a command injection via the SSO URL authentication payload. It was patched in Snowflake JDBC driver version 3.13.29; all users should upgrade to 3.13.29 or later. Related IBM/Oracle advisories note the CVE in the context of Oracl...
CVE-2026-3293
CVE-2026-3293 affects snowflake-bdb snowflake-jdbc up to 4.0.1, specifically the SdkProxyRoutePlanner (src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java) in the JDBC URL Handler. The vulnerability arises from manipulating the nonProxyHosts argument, which can cause ineffi...