CVE-2023-34232

Name of the Vulnerable Software and Affected Versions snowflake-connector-nodejs versions prior to 1.6.21

Description The issue is related to a command injection vulnerability via single sign on (SSO) browser URL authentication. An attacker would need to establish a malicious resource and redirect users to utilize it. The attacker could set up a malicious server that responds to the SSO URL with an attack payload, leading to remote code execution if a user visits the maliciously crafted connection URL. This can be mitigated through URL whitelisting and common anti-phishing resources.

Recommendations To resolve the issue, upgrade to version 1.6.21 or later. As a temporary workaround, consider implementing URL whitelisting and using common anti-phishing resources to minimize the risk of exploitation. Restrict access to the SSO URL authentication feature until the issue is resolved.