CVE-2025-24791

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-24791
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24791.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-24791
Aliases
Published
2025-01-29T17:15:30Z
Modified
2025-01-30T01:59:09.272359Z
Summary
[none]
Details

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.

References

Affected packages

Git / github.com/snowflakedb/snowflake-connector-nodejs

Affected ranges

Type
GIT
Repo
https://github.com/snowflakedb/snowflake-connector-nodejs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.8
v1.1.9
v1.10.0
v1.10.1
v1.11.0
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.15.0
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.6.10
v1.6.11
v1.6.12
v1.6.13
v1.6.14
v1.6.15
v1.6.16
v1.6.17
v1.6.18
v1.6.19
v1.6.2
v1.6.20
v1.6.21
v1.6.22
v1.6.23
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.8.0
v1.9.0
v1.9.1
v1.9.2
v1.9.3

v2.*

v2.0.0
v2.0.1