PT-2023-24757 · Snowflake · Snowflake Connector For Python
Published: 2023-06-08 · Updated: 2023-06-16 · CVE-2023-34233
CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Snowflake Connector for Python versions prior to 3.0.2
Description
The issue concerns a command injection vulnerability via single sign-on (SSO) browser URL authentication. An attacker would need to establish a malicious resource and redirect users to it. The attacker could set up a malicious server that responds to the SSO URL with an attack payload. If a user visits the maliciously crafted connection URL, their local machine would render the malicious payload, leading to remote code execution. This can be mitigated through URL whitelisting and common anti-phishing resources.
Recommendations
For versions prior to 3.0.2, upgrade to version 3.0.2 as soon as possible to fix the command injection vulnerability.
As a temporary workaround, consider implementing URL whitelisting and utilizing common anti-phishing resources to minimize the risk of exploitation.
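The URL allowlisting workaround above, as an added example (not code from the connector or from Snowflake): a check applied to an SSO URL before anything hands it to a browser. The function name `check_sso_url`, the host names and the rejected-character policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the identity-provider hosts your organisation uses (constructed values).
ALLOWED_HOSTS = frozenset({"sso.example.com"})
ALLOWED_SUFFIXES = (".idp.example.com",)
# Policy choice: characters rejected outright; a legitimate URL percent-encodes them.
FORBIDDEN = set(' "\'`<>\\^{}|')


def check_sso_url(url, hosts=ALLOWED_HOSTS, suffixes=ALLOWED_SUFFIXES):
    """Return (ok, reason) for a browser SSO URL received from a server."""
    if not isinstance(url, str) or not url or len(url) > 2048:
        return False, "missing or oversized URL"
    if not url.isascii():
        return False, "non-ASCII character"
    if any(c in FORBIDDEN or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False, "forbidden character"
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    # "https://trusted@other-host/" puts the trusted name in userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in authority"
    if port not in (None, 443):
        return False, "unexpected port"
    host = (parts.hostname or "").rstrip(".")
    # Exact match or a dot-anchored suffix, never a substring test.
    if host in hosts or any(host.endswith(s) for s in suffixes):
        return True, "ok"
    return False, "host not on allowlist"


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in (
        "https://sso.example.com/app/saml?x=1&y=2",
        "https://tenant.idp.example.com/login",
        "https://sso.example.com.other.test/login",
        "https://sso.example.com@other.test/",
        "http://sso.example.com/",
    ):
        print(check_sso_url(sample), sample)
```

The check is a stopgap for hosts that cannot upgrade yet; it does not replace moving to 3.0.2.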
Exploit
Fix
Command Injection
Affected Products
Snowflake Connector For Python