VulnerableCode Package Details - pkg:nuget/Snowflake.Data@2.1.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-cf7m-7s7s-7yg6 Aliases: CVE-2023-51662 GHSA-hwcc-4cv8-cf3h		2.1.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jyxb-ypcs-ufc4 Aliases: CVE-2025-24788 GHSA-2mqw-rq5m-8hc8	snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.	4.3.0 Affected by 0 other vulnerabilities.
VCID-z2c5-xx5z-w3gk Aliases: CVE-2025-46326 GHSA-c82r-c9f7-f5mj	snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided file. On Linux and macOS, the Connector verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Connector. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 4.4.1.	4.4.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-cf7m-7s7s-7yg6
Aliases:
CVE-2023-51662
GHSA-hwcc-4cv8-cf3h

2.1.5
Affected by 2 other vulnerabilities.

VCID-jyxb-ypcs-ufc4
Aliases:
CVE-2025-24788
GHSA-2mqw-rq5m-8hc8

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.

4.3.0
Affected by 0 other vulnerabilities.

VCID-z2c5-xx5z-w3gk
Aliases:
CVE-2025-46326
GHSA-c82r-c9f7-f5mj

snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided file. On Linux and macOS, the Connector verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Connector. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 4.4.1.

4.4.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T20:00:26.603189+00:00	GitLab Importer	Affected by	VCID-z2c5-xx5z-w3gk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2025-46326.yml	38.6.0
2026-06-12T19:51:12.156551+00:00	GitLab Importer	Affected by	VCID-jyxb-ypcs-ufc4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2025-24788.yml	38.6.0
2026-06-12T19:15:29.765076+00:00	GitLab Importer	Affected by	VCID-cf7m-7s7s-7yg6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2023-51662.yml	38.6.0