Skip to content

x/vulndb: potential Go vuln in github.com/snowflakedb/gosnowflake: GHSA-6jgm-j7h2-2fqg #3650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
GoVulnBot opened this issue Apr 28, 2025 · 1 comment
Closed

x/vulndb: potential Go vuln in github.com/snowflakedb/gosnowflake: GHSA-6jgm-j7h2-2fqg #3650

GoVulnBot opened this issue Apr 28, 2025 · 1 comment
Labels
high priority triaged

Comments

@GoVulnBot
Copy link

Advisory GHSA-6jgm-j7h2-2fqg references a vulnerability in the following Go modules:

Module
github.com/snowflakedb/gosnowflake

Description:

Issue

Snowflake discovered and remediated a vulnerability in the Go Snowflake Driver (“Driver”). When using the Easy Logging feature on Linux and macOS, the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to overwrite the configuration and gain control over logging level and output location.

This vulnerability affects Driver versions from 1.7.0 up to, but not including, 1.13.3. Snowflake fixed the issue in version 1.13.3.

Vulnerability Details

When using the Easy Logging feature on Linux and macOS,...

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/snowflakedb/gosnowflake
      versions:
        - introduced: 1.7.0
        - fixed: 1.13.3
      vulnerable_at: 1.13.2
summary: |-
    Go Snowflake Driver has race condition when checking access to Easy Logging
    configuration file in github.com/snowflakedb/gosnowflake
cves:
    - CVE-2025-46327
ghsas:
    - GHSA-6jgm-j7h2-2fqg
references:
    - advisory: https://github.com/advisories/GHSA-6jgm-j7h2-2fqg
    - advisory: https://github.com/snowflakedb/gosnowflake/security/advisories/GHSA-6jgm-j7h2-2fqg
    - fix: https://github.com/snowflakedb/gosnowflake/commit/ba94a4800e23621eff558ef18ce4b96ec5489ff0
source:
    id: GHSA-6jgm-j7h2-2fqg
    created: 2025-04-28T21:01:18.589749142Z
review_status: UNREVIEWED
@thatnealpatel thatnealpatel mentioned this issue Apr 29, 2025
Closed
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/668935 mentions this issue: data/reports: add 6 reports

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
high priority triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gopherbot @thatnealpatel @GoVulnBot