Maven package
net.snowflake/snowflake-jdbc
pkg:maven/net.snowflake/snowflake-jdbc
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3293 | Low | 3.3 | <= 4.0.1 | — | Feb 27, 2026 | A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argume | |
| CVE-2025-27496 | — | >= 3.0.13, < 3.23.1 | 3.23.1 | Mar 13, 2025 | Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client | ||
| CVE-2025-24790 | — | >= 3.6.8, < 3.22.0 | 3.22.0 | Jan 29, 2025 | Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snow | ||
| CVE-2025-24789 | — | >= 3.2.3, < 3.22.0 | 3.22.0 | Jan 29, 2025 | Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an at | ||
| CVE-2024-43382 | — | >= 3.2.6, < 3.20.0 | 3.20.0 | Oct 30, 2024 | Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. | ||
| CVE-2023-30535 | — | < 3.13.29 | 3.13.29 | Apr 14, 2023 | Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server |
- affected <= 4.0.1
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argume
- CVE-2025-27496Mar 13, 2025affected >= 3.0.13, < 3.23.1fixed 3.23.1
Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client
- CVE-2025-24790Jan 29, 2025affected >= 3.6.8, < 3.22.0fixed 3.22.0
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snow
- CVE-2025-24789Jan 29, 2025affected >= 3.2.3, < 3.22.0fixed 3.22.0
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an at
- CVE-2024-43382Oct 30, 2024affected >= 3.2.6, < 3.20.0fixed 3.20.0
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.
- CVE-2023-30535Apr 14, 2023affected < 3.13.29fixed 3.13.29
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server