VulnerableCode Package Details - pkg:nuget/Snowflake.Data@2.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-jyxb-ypcs-ufc4 Aliases: CVE-2025-24788 GHSA-2mqw-rq5m-8hc8	snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.	4.3.0 Affected by 0 other vulnerabilities.
VCID-z2c5-xx5z-w3gk Aliases: CVE-2025-46326 GHSA-c82r-c9f7-f5mj	snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided file. On Linux and macOS, the Connector verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Connector. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 4.4.1.	4.4.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-jyxb-ypcs-ufc4
Aliases:
CVE-2025-24788
GHSA-2mqw-rq5m-8hc8

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.

4.3.0
Affected by 0 other vulnerabilities.

VCID-z2c5-xx5z-w3gk
Aliases:
CVE-2025-46326
GHSA-c82r-c9f7-f5mj

snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided file. On Linux and macOS, the Connector verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Connector. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 4.4.1.

4.4.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T20:00:26.619929+00:00	GitLab Importer	Affected by	VCID-z2c5-xx5z-w3gk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2025-46326.yml	38.6.0
2026-06-12T19:51:12.173180+00:00	GitLab Importer	Affected by	VCID-jyxb-ypcs-ufc4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2025-24788.yml	38.6.0

2026-06-12T20:00:26.619929+00:00

GitLab Importer

Affected by

VCID-z2c5-xx5z-w3gk

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2025-46326.yml

38.6.0

2026-06-12T19:51:12.173180+00:00

GitLab Importer

Affected by

VCID-jyxb-ypcs-ufc4

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2025-24788.yml

38.6.0

Next non-vulnerable version	4.3.0
Latest non-vulnerable version	4.4.1
Risk