snowflake-sdk may incorrectly validate temporary credential cache file permissions
- Severity:
- Medium
Description
Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory.
This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.
Recommendation
Update the snowflake-sdk package to the latest compatible version. Followings are version details:
- Affected version(s): >= 1.12.0, <= 2.0.1
- Patched version(s): 2.0.2
References
Related Issues
- NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file - CVE-2025-46328
- pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding - CVE-2025-11362
- React Router has Path Traversal in File Session Storage - CVE-2025-61686
- React Router has Path Traversal in File Session Storage - @remix-run/node - CVE-2025-61686
You might also like:
- Tags:
- npm
- snowflake-sdk
Anything's wrong? Let us know Last updated on January 29, 2025


