snowflake-sdk may incorrectly validate temporary credential cache file permissions
- Severity:
- Medium
Description
Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory.
This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.
Recommendation
Update the snowflake-sdk package to the latest compatible version. Followings are version details:
- Affected version(s): >= 1.12.0, <= 2.0.1
- Patched version(s): 2.0.2
References
Related Issues
- NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file - CVE-2025-46328
- @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled - CVE-2024-51753
- @saltcorn/server arbitrary file zip read and download when downloading auto backups - Vulnerability
- lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) - CVE-2024-47066
- Tags:
- npm
- snowflake-sdk
Anything's wrong? Let us know Last updated on January 29, 2025