Snowflake NodeJS Driver vulnerable to Command Injection
CVE-2023-34232
What is CVE-2023-34232?
The snowflake-connector-nodejs, the official NodeJS driver for Snowflake, is susceptible to command injection through single sign-on (SSO) browser URL authentication in versions prior to 1.6.21. An attacker can exploit this vulnerability by setting up a malicious resource and redirecting users to its URL. If the attacker succeeds in tricking a user into accessing the compromised URL, the attacker's crafted payload can be executed on the user's local machine, potentially leading to unauthorized remote command execution. To mitigate this risk, it is recommended to implement URL whitelisting and employ anti-phishing measures. Upgrade to version 1.6.21 or later to secure against this vulnerability.

Affected Version(s)
snowflake-connector-nodejs < 1.6.21
