Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/snowflake-sdk@1.1.9

Type npm

Namespace

Name snowflake-sdk

Version 1.1.9

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.6.21

Latest_non_vulnerable_version 2.0.4

Affected_by_vulnerabilities

url VCID-ntn6-pdaj-sqfv

vulnerability_id VCID-ntn6-pdaj-sqfv

summary snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-34232

reference_id

reference_type

scores

value	0.00457
scoring_system	epss
scoring_elements	0.6446
published_at	2026-06-12T12:55:00Z

value	0.00457
scoring_system	epss
scoring_elements	0.64358
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-34232

reference_url

https://github.com/snowflakedb/snowflake-connector-nodejs

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/snowflakedb/snowflake-connector-nodejs

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34232

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34232

reference_url

https://github.com/snowflakedb/snowflake-connector-nodejs/commit/0c9622ae12cd7d627df404b73a783b4a5f60728a

reference_id

0c9622ae12cd7d627df404b73a783b4a5f60728a

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-06T20:19:44Z/

url

https://github.com/snowflakedb/snowflake-connector-nodejs/commit/0c9622ae12cd7d627df404b73a783b4a5f60728a

reference_url

https://github.com/snowflakedb/snowflake-connector-nodejs/pull/465

reference_id

465

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-06T20:19:44Z/

url

https://github.com/snowflakedb/snowflake-connector-nodejs/pull/465

reference_url

https://github.com/advisories/GHSA-h53w-7qw7-vh5c

reference_id

GHSA-h53w-7qw7-vh5c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h53w-7qw7-vh5c

reference_url

https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-h53w-7qw7-vh5c

reference_id

GHSA-h53w-7qw7-vh5c

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-06T20:19:44Z/

url

https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-h53w-7qw7-vh5c

reference_url

https://community.snowflake.com/s/article/Node-js-Driver-Release-Notes

reference_id

Node-js-Driver-Release-Notes

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-06T20:19:44Z/

url

https://community.snowflake.com/s/article/Node-js-Driver-Release-Notes

fixed_packages

url	pkg:npm/snowflake-sdk@1.6.21
purl	pkg:npm/snowflake-sdk@1.6.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.6.21

aliases CVE-2023-34232, GHSA-h53w-7qw7-vh5c

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntn6-pdaj-sqfv

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.1.9

Package Instance