Vulnerabilities > Snowflake
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-24 | CVE-2024-49750 | Information Exposure Through Log Files vulnerability in Snowflake Connector The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. | 5.5 |
| 2024-08-12 | CVE-2024-42474 | Path Traversal vulnerability in Snowflake Streamlit Streamlit is a data oriented application development framework for python. | 6.5 |
| 2023-12-22 | CVE-2023-51662 | Improper Certificate Validation vulnerability in Snowflake Connector The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. | 7.5 |
| 2023-06-08 | CVE-2023-34230 | Command Injection vulnerability in Snowflake Connector snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. | 8.8 |
| 2023-06-08 | CVE-2023-34232 | Command Injection vulnerability in Snowflake Connector snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. | 8.8 |
| 2023-06-08 | CVE-2023-34233 | Command Injection vulnerability in Snowflake Connector The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. | 8.8 |
| 2023-06-08 | CVE-2023-34231 | Command Injection vulnerability in Snowflake Gosnowflake gosnowflake is th Snowflake Golang driver. | 8.8 |
| 2023-04-14 | CVE-2023-30535 | Command Injection vulnerability in Snowflake Jdbc Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. | 8.8 |
| 2023-03-16 | CVE-2023-27494 | Cross-site Scripting vulnerability in Snowflake Streamlit Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. | 6.1 |
| 2022-11-09 | CVE-2022-42965 | Unspecified vulnerability in Snowflake Snowflake-Connector-Python An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method | 7.5 |