Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-t8zh-z4zt-syc3
Summary snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions from 1.10.0 up to but not including 2.0.4 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and macOS, the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Driver. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 2.0.4.
Aliases
0
alias CVE-2025-46328
1
alias GHSA-wmjq-jrm2-9wfr
Fixed_packages
0
url pkg:npm/snowflake-sdk@2.0.4
purl pkg:npm/snowflake-sdk@2.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@2.0.4
Affected_packages
0
url pkg:npm/snowflake-sdk@1.10.0
purl pkg:npm/snowflake-sdk@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.10.0
1
url pkg:npm/snowflake-sdk@1.10.1
purl pkg:npm/snowflake-sdk@1.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.10.1
2
url pkg:npm/snowflake-sdk@1.11.0
purl pkg:npm/snowflake-sdk@1.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.11.0
3
url pkg:npm/snowflake-sdk@1.12.0
purl pkg:npm/snowflake-sdk@1.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ktf5-mwef-abgt
1
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.12.0
4
url pkg:npm/snowflake-sdk@1.13.0
purl pkg:npm/snowflake-sdk@1.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ktf5-mwef-abgt
1
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.13.0
5
url pkg:npm/snowflake-sdk@1.13.1
purl pkg:npm/snowflake-sdk@1.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ktf5-mwef-abgt
1
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.13.1
6
url pkg:npm/snowflake-sdk@1.14.0
purl pkg:npm/snowflake-sdk@1.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ktf5-mwef-abgt
1
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.14.0
7
url pkg:npm/snowflake-sdk@1.15.0
purl pkg:npm/snowflake-sdk@1.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ktf5-mwef-abgt
1
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@1.15.0
8
url pkg:npm/snowflake-sdk@2.0.0
purl pkg:npm/snowflake-sdk@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ktf5-mwef-abgt
1
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@2.0.0
9
url pkg:npm/snowflake-sdk@2.0.1
purl pkg:npm/snowflake-sdk@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ktf5-mwef-abgt
1
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@2.0.1
10
url pkg:npm/snowflake-sdk@2.0.2
purl pkg:npm/snowflake-sdk@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@2.0.2
11
url pkg:npm/snowflake-sdk@2.0.3
purl pkg:npm/snowflake-sdk@2.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t8zh-z4zt-syc3
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snowflake-sdk@2.0.3
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46328
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08288
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46328
1
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/snowflakedb/snowflake-connector-nodejs
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46328
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46328
3
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs/commit/e94c24112271e1f44c271634bf29a3188acc68d0
reference_id e94c24112271e1f44c271634bf29a3188acc68d0
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:41:05Z/
url https://github.com/snowflakedb/snowflake-connector-nodejs/commit/e94c24112271e1f44c271634bf29a3188acc68d0
4
reference_url https://github.com/advisories/GHSA-wmjq-jrm2-9wfr
reference_id GHSA-wmjq-jrm2-9wfr
reference_type
scores
url https://github.com/advisories/GHSA-wmjq-jrm2-9wfr
5
reference_url https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-wmjq-jrm2-9wfr
reference_id GHSA-wmjq-jrm2-9wfr
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:41:05Z/
url https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-wmjq-jrm2-9wfr
Weaknesses
0
cwe_id 367
name Time-of-check Time-of-use (TOCTOU) Race Condition
description The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 0.1 - 3.3
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8zh-z4zt-syc3