CVE-2024-43382

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-43382

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43382.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43382

Aliases

GHSA-f686-hw9c-xw9c

Related

CGA-3x5j-3jmp-9j5w

Published

2024-10-30T21:15:14.160Z

Modified

2026-04-12T09:10:30.992788Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.

References

https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-f686-hw9c-xw9c

Affected packages

Git / github.com/snowflakedb/snowflake-jdbc

Affected ranges

Type

GIT

Repo

https://github.com/snowflakedb/snowflake-jdbc

Events

Introduced

684656d333d7531f6854f719d1f2522434be2b07

Fixed

21e98c74145461212ff3a47f3540bc1fd3026a5e

Database specific

{
    "versions": [
        {
            "introduced": "3.2.6"
        },
        {
            "fixed": "3.20.0"
        }
    ]
}

Affected versions

3.*

3.13.21

3.13.22

v3.*

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.11.0

v3.11.1

v3.12.0

v3.12.1

v3.12.11

v3.12.12

v3.12.14

v3.12.16

v3.12.2

v3.12.3

v3.12.4

v3.12.5

v3.12.6

v3.12.7

v3.12.9

v3.13.0

v3.13.1

v3.13.10

v3.13.12

v3.13.13

v3.13.14

v3.13.15

v3.13.16

v3.13.17

v3.13.18

v3.13.19

v3.13.2

v3.13.20

v3.13.21

v3.13.22

v3.13.23

v3.13.24

v3.13.25

v3.13.26

v3.13.27

v3.13.28

v3.13.29

v3.13.3

v3.13.30

v3.13.31

v3.13.32

v3.13.33

v3.13.4

v3.13.5

v3.13.6

v3.13.7

v3.13.8

v3.13.9

v3.14.0

v3.14.1

v3.14.2

v3.14.3

v3.14.4

v3.14.5

v3.15.0

v3.15.1

v3.16.0

v3.16.1

v3.17.0

v3.18.0

v3.19.0

v3.19.1

v3.2.6

v3.2.7

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.6.0

v3.6.1

v3.6.10

v3.6.11

v3.6.13

v3.6.14

v3.6.15

v3.6.17

v3.6.18

v3.6.19

v3.6.2

v3.6.20

v3.6.21

v3.6.23

v3.6.24

v3.6.25

v3.6.26

v3.6.27

v3.6.28

v3.6.3

v3.6.4

v3.6.5

v3.6.6

v3.6.8

v3.6.9

v3.7.0

v3.7.1

v3.7.2

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.8.6

v3.8.7

v3.8.8

v3.9.0

v3.9.1

v3.9.2

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "source": "https://github.com/snowflakedb/snowflake-jdbc/commit/21e98c74145461212ff3a47f3540bc1fd3026a5e",
        "signature_version": "v1",
        "target": {
            "file": "src/main/java/net/snowflake/client/jdbc/SnowflakeDriver.java"
        },
        "id": "CVE-2024-43382-e7934dd2",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "87674454368960583278253932243093302631",
                "252526441228695263399039897143504444639",
                "124550780036735250839349245119655025324",
                "168648994019949861507178290233732502679"
            ],
            "threshold": 0.9
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43382.json"

vanir_signatures_modified

"2026-04-12T09:10:30Z"