VulnerableCode Package Details - pkg:nuget/Snowflake.Data@2.0.17

Search for packages

Vulnerability	Summary	Fixed by
VCID-6khe-7z8z-yuhs Aliases: CVE-2023-34230 GHSA-223g-8w3x-98wr	snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.	2.0.18 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jyxb-ypcs-ufc4 Aliases: CVE-2025-24788 GHSA-2mqw-rq5m-8hc8	snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.	4.3.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6khe-7z8z-yuhs
Aliases:
CVE-2023-34230
GHSA-223g-8w3x-98wr

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.

2.0.18
Affected by 1 other vulnerability.

VCID-jyxb-ypcs-ufc4
Aliases:
CVE-2025-24788
GHSA-2mqw-rq5m-8hc8

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.

4.3.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:51:12.107204+00:00	GitLab Importer	Affected by	VCID-jyxb-ypcs-ufc4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2025-24788.yml	38.6.0
2026-06-12T18:56:49.123430+00:00	GitLab Importer	Affected by	VCID-6khe-7z8z-yuhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2023-34230.yml	38.6.0

2026-06-12T19:51:12.107204+00:00

GitLab Importer

Affected by

VCID-jyxb-ypcs-ufc4

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2025-24788.yml

38.6.0

2026-06-12T18:56:49.123430+00:00

GitLab Importer

Affected by

VCID-6khe-7z8z-yuhs

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Snowflake.Data/CVE-2023-34230.yml

38.6.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0